CVE-2017-17131
Description
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated remote attackers can cause a denial-of-service (DoS) via a malformed Putty comment key file in multiple Huawei video products, leading to system reboot.
Vulnerability
A denial-of-service (DoS) vulnerability exists in Huawei DP300 V500R002C00; RP200 V500R002C00 and V600R006C00; TE30 V100R001C10 and V600R006C00; TE50 V600R006C00; TE60 V100R001C10, V500R002C00, and V600R006C00; and VP9660 V500R002C10. The flaw occurs due to insufficient validation of a parameter when a Putty comment key is loaded. An authenticated remote attacker can place a malformed Putty key file on the system. When a system administrator loads this key, an infinite loop is triggered, causing the system to reboot [1].
Exploitation
An attacker must have authenticated remote access to the targeted device. The attacker places a specially crafted Putty key file containing a malformed comment field into the system. Exploitation requires a system manager to load the malicious key file. When the key is loaded, the insufficient input validation causes the software to enter an infinite loop, leading to a reboot [1].
Impact
Successful exploitation results in a denial-of-service condition. The system reboots, causing temporary unavailability of video conferencing services. The impact is limited to availability; no confidentiality or integrity compromise is reported. The attack is triggered only upon administrative action (loading the key) [1].
Mitigation
Huawei has released software updates to fix this vulnerability. Affected users should upgrade to the resolved versions: DP300 to V500R002C00SPCb00; RP200 V500R002C00 to V600R006C00SPC400; TE30 V100R001C10 to V600R006C00SPC400; TE60 V100R001C10 to V600R006C00SPC400; and VP9660 V500R002C10 to V500R002C10SPC900. Other product versions have corresponding patches as listed in the security advisory [1]. No workarounds are provided; applying the patches is the recommended mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Huawei Technologies Co., Ltd./DP300; RP200; TE30; TE50; TE60; VP9660v5Range: DP300 V500R002C00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-01-vpp-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.