CVE-2017-15353
Description
Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00, VP9660, V500R002C00, V500R002C10, ViewPoint 8660, V100R008C03, ViewPoint 9030, V100R011C02, V100R011C03, Viewpoint 8660, V100R008C03 have an out-of-bounds read vulnerability. An attacker has to control the peer device and send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause some service abnormal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds read in Huawei products via crafted H.323 messages allows an attacker on the peer device to cause service abnormal.
Vulnerability
An out-of-bounds read vulnerability exists in the H.323 implementation of multiple Huawei video conferencing products. The affected products include DP300 V500R002C00, RP200 V500R002C00 and V600R006C00, RSE6500 V500R002C00, TE30 V100R001C02/V100R001C10/V500R002C00/V600R006C00, TE40 V500R002C00/V600R006C00, TE50 V500R002C00/V600R006C00, TE60 V100R001C01/V100R001C10/V500R002C00/V600R006C00, TX50 V500R002C00/V600R006C00, VP9660 V500R002C00/V500R002C10, ViewPoint 8660 V100R008C03, and ViewPoint 9030 V100R011C02/V100R011C03 [1]. The vulnerability is due to insufficient input validation of specially crafted messages sent over the H.323 protocol [1].
Exploitation
To exploit this vulnerability, an attacker must first gain control of a peer device that communicates with the affected product via H.323 [1]. The attacker then sends specially crafted messages to the target device [1]. The attack requires network access to the H.323 channel and does not require authentication on the target device itself, as the messages are processed during normal protocol handling.
Impact
Successful exploitation of the out-of-bounds read can cause abnormal service behavior on the affected device [1]. This may lead to denial of service or information disclosure depending on the memory contents read. The attacker does not gain code execution or elevated privileges from this vulnerability; the primary impact is service disruption or potential leakage of sensitive data.
Mitigation
Huawei has released software updates to fix the vulnerability. Customers should upgrade to the following resolved versions: DP300 V500R002C00SPCb00; RP200 Upgrade to TEX0[1] V600R006C00SPC400; V600R006C00 TEX0[1] V600R006C00SPC400; RSE6500 (check vendor advisory for specific version); TE30 V600R006C00SPC500; TE40 V600R006C00SPC400; TE50 V600R006C00SPC400; TE60 V600R006C00SPC400; TX50 V600R006C00SPC400; VP9660 V600R00600SPC500; ViewPoint 8660 V100R008C03SPC100; ViewPoint 9030 V100R011C03SPC100 [1]. The security advisory was released on 2017-11-15 [1]. No workarounds are documented if patching is not immediately possible.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Huawei Technologies Co., Ltd./DP300,RP200,RSE6500,TE30,TE40,TE50,TE60,TX50,VP9660,ViewPoint 8660,ViewPoint 9030,Viewpoint 8660,v5Range: DP300 ,V500R002C00 ,RP200 ,V500R002C00 ,V600R006C00 ,RSE6500 ,V500R002C00 ,TE30 ,V100R001C02 ,V100R001C10 ,V500R002C00 ,V600R006C00 ,TE40 ,V500R002C00 ,V600R006C00 ,TE50 ,V500R002C00 ,V600R006C00 ,TE60 ,V100R001C01 ,V100R001C10 ,V500R002C00 ,V600R006C00 ,TX50 ,V500R002C00 ,V600R006C00 ,VP9660 ,V500R002C00 ,V500R002C10 ,ViewPoint 8660 ,V100R008C03 ,ViewPoint 9030 ,V100R011C02 ,V100R011C03 ,Viewpoint 8660 ,V100R008C03
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-h323-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.