VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 15, 2018· Updated Aug 5, 2024

CVE-2017-15342

CVE-2017-15342

Description

Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace U1981 V200R003C30SPC100 have a denial of service vulnerability. The software does not correctly calculate the rest size in a buffer when handling SSL connections. A remote unauthenticated attacker could send a lot of crafted SSL messages to the device, successful exploit could cause no space in the buffer and then denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A remote unauthenticated attacker can crash Huawei DP300, TE60, TP3106, and eSpace U1981 devices by sending crafted SSL messages that exhaust a buffer due to an incorrect size calculation.

Vulnerability

The software on Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, and eSpace U1981 V200R003C30SPC100 does not correctly calculate the remaining size in a buffer when handling SSL connections. This flaw can be triggered by a remote unauthenticated attacker sending a large number of crafted SSL messages to the device, causing the buffer to run out of space. [1]

Exploitation

An attacker does not require authentication or prior access to the target device. By repeatedly sending specially crafted SSL messages over the network, the attacker forces the device into a state where the buffer has no remaining capacity, leading to a denial of service. No user interaction is needed. [1]

Impact

Successful exploitation results in a denial of service (DoS), affecting the availability of the device. The attack does not require any privileges and impacts the device's ability to process legitimate SSL connections. [1]

Mitigation

Huawei has released software updates to fix the vulnerability. For DP300 upgrade to V500R02C00SPC800, for TE60 upgrade to V600R006C00SPC300, for TP3106 upgrade to V100R002C00SPC800, and for eSpace U1981 upgrade to V200R003C30SPC800. The advisory was published on 2017-12-06. [1]

References
  1. Security Advisory - Denial of Service Vulnerability on Several Huawei Products

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5
  • Huawei/eSpace U1981llm-fuzzy
    Range: = V200R003C30SPC100
  • Huawei/Te60llm-fuzzy
    Range: = V600R006C00
  • Huawei/TP3106llm-fuzzy
    Range: = V100R002C00
  • Huawei/DP300llm-fuzzy
    Range: = V500R002C00
  • Huawei Technologies Co., Ltd./DP300,TE60,TP3106,eSpace U1981v5
    Range: DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace U1981 V200R003C30SPC100

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.