CVE-2017-15356
Description
Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Huawei DP300, RP200, TE30/TE40/TE50/TE60, and TX50 products are vulnerable to buffer overflow via crafted HTTP messages, potentially causing service disruption.
Vulnerability
A buffer overflow vulnerability exists in multiple Huawei products, including DP300 (V500R002C00), RP200 (V600R006C00), TE30 (V100R001C10, V500R002C00, V600R006C00), TE40 (V500R002C00, V600R006C00), TE50 (V500R002C00, V600R006C00), TE60 (V100R001C10, V500R002C00, V600R006C00), and TX50 (V500R002C00, V600R006C00). The issue arises from insufficient input validation of three different parameters in specially crafted HTTP messages, as identified by Huawei vulnerability IDs HWPSIRT-2017-08063, HWPSIRT-2017-08064, and HWPSIRT-2017-08065 [1].
Exploitation
An attacker can exploit this vulnerability by sending specially crafted HTTP messages to affected devices. No authentication is mentioned as required for exploitation. The specific parameters that are improperly validated allow the attacker to trigger a buffer overflow condition through crafted input [1].
Impact
Successful exploitation may cause service abnormality, leading to disruption of the affected product's functionality. The vulnerability does not directly lead to code execution or data disclosure as described, but rather impacts availability by causing services to become abnormal or crash [1].
Mitigation
Huawei has released software updates to fix these vulnerabilities. For affected versions, the following resolved versions are available: DP300 V500R002C00SPCb00, RP200 V600R006C00SPC500, and other products upgrade to TEX0[1] V600R006C00SPC500 (as per advisory). Users should apply the updates via the Huawei support portal [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Huawei Technologies Co., Ltd./DP300,RP200,TE30,TE40,TE50,TE60,TX50v5Range: DP300 ,V500R002C00 ,RP200 ,V600R006C00 ,TE30 ,V100R001C10 ,V500R002C00 ,V600R006C00 ,TE40 ,V500R002C00 ,V600R006C00 ,TE50 ,V500R002C00 ,V600R006C00 ,TE60 ,V100R001C10 ,V500R002C00 ,V600R006C00 ,TX50 ,V500R002C00 ,V600R006C00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.