CVE-2017-15348
Description
Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated, remote attacker can crash Huawei network security products by sending crafted MPLS Echo Request messages due to insufficient input validation.
Vulnerability
Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, and USG9500 V500R001C00 contain an insufficient input validation vulnerability (HWPSIRT-2017-04196). An unauthenticated, remote attacker can send specific MPLS Echo Request messages to the target products. The products fail to properly validate certain parameters in the messages, leading to a denial-of-service condition. [1]
Exploitation
The attacker requires no authentication and only network connectivity to the target device. By sending specially crafted MPLS Echo Request packets to an affected Huawei product, the insufficient input validation triggers a fault that causes the device to reset. The exact sequence of steps is limited to sending the malicious packets over the network. [1]
Impact
Successful exploitation results in a denial-of-service (DoS) condition, causing the targeted Huawei product to reset. This can lead to temporary loss of network security functions and potential network disruption. The impact is limited to device availability. [1]
Mitigation
Huawei has released software updates to fix this vulnerability. The resolved version for all affected products is V500R001C30SPC600. Customers should upgrade their affected products to this or a later version. No workarounds are provided in the available reference. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: V500R001C00
- Huawei Technologies Co., Ltd./IPS Module,NGFW Module,NIP6300,NIP6600,Secospace USG6300,Secospace USG6500,Secospace USG6600,USG9500,v5Range: IPS Module V500R001C00,NGFW Module V500R001C00,NIP6300 V500R001C00,NIP6600 V500R001C00,Secospace USG6300 V500R001C00,Secospace USG6500 V500R001C00,Secospace USG6600 V500R001C00,USG9500 V500R001C00,
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.