CVE-2017-17169
Description
The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Huawei products running CIDAM protocol with insufficient input validation allow authenticated remote attackers to tamper with business and cause system abnormality.
Vulnerability
The CIDAM Protocol on multiple Huawei products has multiple input validation vulnerabilities (HWPSIRT-2017-08147, HWPSIRT-2017-08148, HWPSIRT-2017-08149, HWPSIRT-2017-08150) due to insufficient validation of specific messages. Affected products include DP300 (V500R002C00 through V500R002C00SPCa00), RP200 (V500R002C00SPC200 through V600R006C00SPC500), TE30 (V100R001C10SPC300 through V600R006C00SPC500), TE40 (V500R002C00SPC600 through V600R006C00SPC500), TE50 (V500R002C00SPC600 through V600R006C00SPC500), and TE60 (V100R001C10 through V500R002C00SPCe...) [1].
Exploitation
An authenticated remote attacker can exploit these vulnerabilities by sending a malicious message to a target system running an affected version of the CIDAM protocol. The attacker must have network access to the target and valid authentication credentials for the protocol session [1].
Impact
Successful exploitation allows the attacker to tamper with business operations and make the system abnormal. The impact includes compromising the integrity of business data and causing denial of service or erratic behavior of the affected Huawei product [1].
Mitigation
Huawei has released software updates to fix these vulnerabilities. The resolved versions are specified per product: DP300 V500R002C00SPCb00, RP200 V600R006C00SPC500, TE30 V600R006C00SPC500, TE40 V600R006C00SPC500, TE50 V600R006C00SPC500, and TE60 V500R002C00SPCe... Users should upgrade to the corresponding resolved version or later [1]. The advisory was last updated on 2019-12-18 [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500
- Range: V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.