CVE-2017-17168
Description
The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are:
- DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00
- RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500
- TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500
- TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500
- TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500
- TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500
- eSpace U1981 version V200R003C20SPC900
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple input validation vulnerabilities in the CIDAM protocol of various Huawei products allow authenticated remote attackers to tamper with system business and cause abnormal behavior.
Vulnerability
The CIDAM Protocol implementation on multiple Huawei products contains multiple input validation vulnerabilities (HWPSIRT-2017-08147, HWPSIRT-2017-08148, HWPSIRT-2017-08149, HWPSIRT-2017-08150) due to insufficient validation of specific messages. The affected products and versions include DP300 (V500R002C00 series), RP200 (V500R002C00SPC200, V600R006C00 series), TE30 (V100R001C10SPC300 and later), TE40 (V500R002C00SPC600 and later), TE50 (V500R002C00SPC600 and later), and TE60 (V100R001C10 series and V500R002C00 series) [1]. The vulnerabilities are cataloged as four CVEs: CVE-2017-17168, CVE-2017-17169, CVE-2017-17170, and CVE-2017-17304 [1].
Exploitation
An authenticated remote attacker with network access to a target system can send a maliciously crafted message to a device running the CIDAM protocol [1]. The attacker must have valid authentication credentials to communicate with the CIDAM service. The specific steps involve sending a message that exploits the insufficient input validation to trigger the vulnerability [1].
Impact
Successful exploitation allows the attacker to tamper with business operations and cause the system to behave abnormally [1]. The impact primarily affects the integrity and availability of the device's functionality, potentially disrupting normal video conferencing or collaboration services [1].
Mitigation
Huawei has released software updates to fix these vulnerabilities [1]. The resolved versions include, for example, DP300 V500R002C00SPCb00 and corresponding updates for other affected products [1]. Users should upgrade to the latest firmware versions listed in the Huawei security advisory [1]. If an update is not immediately available, restricting network access to authenticated users and monitoring for anomalous CIDAM messages can serve as a workaround.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: V200R003C20SPC900
- Range: V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00
Patches
No patches discovered yet.
References
- [1] www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en (mitre, x_refsource_CONFIRM)