CVE-2017-17134
Description
XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has a DoS vulnerability. Due to not check the specially XML file enough an authenticated local attacker may craft specific XML files to the affected products and parse this file which cause to null pointer accessing and result in DoS attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A DoS vulnerability in the XML parser of multiple Huawei video conferencing products allows an authenticated local attacker to crash the device via a crafted XML file.
Vulnerability
The XML parser in several Huawei video conferencing products contains a denial-of-service vulnerability. The affected products and versions are: DP300 V500R002C00; RP200 V500R002C00SPC200 and V600R006C00; TE30 V100R001C10, V500R002C00, and V600R006C00; TE40 V500R002C00 and V600R006C00; TE50 V500R002C00 and V600R006C00; TE60 V100R001C10, V500R002C00, and V600R006C00. Due to insufficient validation of specially crafted XML files, the parser may access a null pointer when processing such a file, leading to a crash. The vulnerability is identified as HWPSIRT-2017-08152 [1].
Exploitation
An attacker must have authenticated local access to the affected device. The attacker crafts a specific XML file and causes the vulnerable XML parser to process it. The lack of proper input validation results in a null pointer dereference when parsing the malformed XML, which triggers the denial of service [1].
Impact
Successful exploitation causes the affected product to crash, resulting in a denial of service (DoS). The attacker gains no code execution or data access, but service availability is impacted [1].
Mitigation
Huawei has released software updates to fix this vulnerability. For each product, the resolved version is specified in the advisory [1]. For example, DP300 resolves with V500R002C00SPCb00, RP200 with V600R006C00SPC500, and TE30/TE40/TE50/TE60 with V600R006C00SPC500 or V600R006C00SPC600 depending on the model. Users should upgrade to the latest available firmware version. No workaround is provided [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Huawei Technologies Co., Ltd./DP300; RP200; TE30; TE40; TE50; TE60v5Range: DP300 V500R002C00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-02-xml-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.