CVE-2017-17132
Description
Huawei VP9660 V500R002C10 has a uncontrolled format string vulnerability when the license module output the log information. An authenticated local attacker could exploit this vulnerability to cause a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Uncontrolled format string in Huawei VP9660 license module allows authenticated local attacker to cause denial of service.
Vulnerability
An uncontrolled format string vulnerability exists in the license module of Huawei VP9660 running version V500R002C10. When the module outputs log information, it fails to properly validate format string arguments, allowing an authenticated local attacker to trigger a denial of service. [1]
Exploitation
An attacker must have local authenticated access to the affected device. By providing a specially crafted input that is passed to the license module's log output function, the attacker can exploit the format string flaw, causing the system to crash. [1]
Impact
Successful exploitation results in a denial of service, rendering the VP9660 unavailable until recovery. No other impact (such as code execution or privilege escalation) has been reported. [1]
Mitigation
Huawei has released software update V500R002C10SPC800 to fix this vulnerability. Users should upgrade to the resolved version. No workaround is available. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Huawei Technologies Co., Ltd./VP9660v5Range: V500R002C10
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-01-license-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.