VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 15, 2018· Updated Aug 5, 2024

CVE-2017-15350

CVE-2017-15350

Description

The Common Open Policy Service Protocol (COPS) module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10,SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3206 V100R002C00, V100R002C10,USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50 haa a buffer overflow vulnerability. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted message to the affected products. The vulnerability is due to insufficient input validation of the message, which could result in a buffer overflow. Successful exploit may cause some services abnormal.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in Huawei's COPS module allows an unauthenticated, remote attacker to cause service abnormalities by sending a specially crafted message.

Vulnerability

A buffer overflow vulnerability exists in the Common Open Policy Service Protocol (COPS) module of multiple Huawei products, including DP300, IPS Module, NGFW Module, NIP6300, NIP6600, NIP6800, RP200, SVN5600, SVN5800, SVN5800-C, Secospace USG6300/6500/6600, TE30/40/50/60, TP3206, and USG9500, in various affected versions [1]. The vulnerability stems from insufficient input validation of messages processed by the COPS module, which can lead to a buffer overflow [1].

Exploitation

An unauthenticated, remote attacker can trigger this vulnerability by sending a specially crafted message to the affected products' COPS module. No authentication or special network position is required, as the attack can be launched over the network [1]. The crafted message, due to improper input validation, causes a buffer overflow when processed.

Impact

Successful exploitation of this buffer overflow may cause some services to become abnormal, potentially leading to denial of service or other unspecified impacts on the affected device. The vulnerability does not directly grant code execution or data access according to available sources [1].

Mitigation

Huawei has released software updates to address this vulnerability. Customers should upgrade to the resolved product and version specified in the security advisory [1]. For example, DP300 should be upgraded to V500R002C00SPCb00, and IPS Module to V500R001C60SPC300 with SPH012. Users are advised to apply the relevant patches as soon as possible. No workarounds are mentioned in the available references.

References
  1. Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Huawei/Secospace USG6300llm-fuzzy
    Range: V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50
  • Huawei/DP300llm-fuzzy
    Range: V500R002C00
  • Huawei/NGFW Modulellm-fuzzy
    Range: V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20
  • Huawei Technologies Co., Ltd./DP300,IPS Module,NGFW Module,NIP6300,NIP6600,NIP6800,RP200,SVN5600,SVN5800,SVN5800-C,Secospace USG6300,Secospace USG6500,Secospace USG6600,TE30,TE40,TE50,TE60,TP3206,USG9500,v5
    Range: DP300 V500R002C00,IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50,NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20,NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50,NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50,NIP6800 V500R001C50,RP200 V500R002C00, V600R006C00,SVN5600 V200R003C00, V200R003C10,SVN5800 V200R003C00, V200R003C10,SVN5800-C V200R003C00, V200R003C10,Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50,Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50,Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50,TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00,TE40 V500R002C00, V600R006C00,TE50 V500R002C00, V600R006C00,TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00,TP3206 V100R002C00, V100R002C10,USG9500 V500R00 ...[truncated*]

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.