CVE-2017-17166
Description
Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a resource exhaustion vulnerability. The software does not process certain field of H.323 message properly, a remote unauthenticated attacker could send crafted H.323 message to the device, successful exploit could cause certain service unavailable since the stack memory is exhausted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A resource exhaustion vulnerability in Huawei products via crafted H.323 messages allows remote unauthenticated attackers to cause denial of service.
Vulnerability
A resource exhaustion vulnerability exists in Huawei DP300 V500R002C00, Secospace USG6300, USG6500, USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, and VP9660 V500R002C00, V500R002C10. The software does not properly process certain fields of H.323 messages, leading to stack memory exhaustion when a crafted message is received [1].
Exploitation
A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted H.323 message to the affected device. No authentication or user interaction is required; the attacker only needs network access to the device [1].
Impact
Successful exploitation exhausts stack memory, causing certain services to become unavailable. This results in a denial of service condition. No code execution or privilege escalation is achieved [1].
Mitigation
Huawei has released software updates to address this vulnerability. For DP300, upgrade to V500R002C00SPCa00. For Secospace USG6300, USG6500, and USG6600, upgrade to V500R001C60. For TP3206 and VP9660, refer to the security advisory for specific resolved versions. The advisory was released on 2017-12-13 [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
7- Range: V500R001C00, V500R001C20, V500R001C30, V500R001C50
- Range: V500R001C00, V500R001C20, V500R001C30, V500R001C50
- Range: V500R001C00, V500R001C20, V500R001C30, V500R001C50
- Huawei Technologies Co., Ltd./DP300, Secospace USG6300,Secospace USG6500,Secospace USG6600,TP3206, VP9660v5Range: DP300 V500R002C00,Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50,Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50,Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50,TP3206 V100R002C00,VP9660 V500R002C00, V500R002C10
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-h323-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.