CVE-2017-17170
Description
The CIDAM Protocol on some Huawei Products has multiple input validation vulnerabilities due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal. Affected Huawei Products are: DP300 versions V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00; RP200 versions V500R002C00SPC200, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE30 versions V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE40 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE50 versions V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; TE60 versions V100R001C10, V100R001C10B001, V100R001C10B002, V100R001C10B010, V100R001C10B011, V100R001C10B012, V100R001C10B013, V100R001C10B014, V100R001C10B016, V100R001C10B017, V100R001C10B018, V100R001C10B019, V100R001C10SPC400, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V100R001C10SPC800B011, V100R001C10SPC900, V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00, V500R002C00SPCb00, V500R002C00SPCd00, V500R002C00SPCe00, V600R006C00, V600R006C00SPC100, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500; eSpace U1981 version V200R003C20SPC900.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple input validation flaws in Huawei's CIDAM protocol let authenticated remote attackers tamper with business operations and cause system abnormality.
Vulnerability
The CIDAM Protocol implementations in multiple Huawei products contain multiple input validation vulnerabilities (CVE-2017-17170, along with CVE-2017-17168, CVE-2017-17169, and CVE-2017-17304) due to insufficient validation of specific protocol messages [1]. Affected products and versions include DP300 (V500R002C00 series), RP200 (V500R002C00 and V600R006C00 series), TE30 (V100R001C10 and V500R002C00 series), TE40 (V500R002C00 and V600R006C00 series), TE50 (V500R002C00 and V600R006C00 series), and TE60 (multiple V100R001C10 and V500R002C00 series versions) [1]. A complete list of all affected version strings is provided in the vendor advisory [1].
Exploitation
An authenticated remote attacker exploits the flaw by sending a specially crafted malicious message over the CIDAM protocol to a target system [1]. No additional privileges beyond valid authentication are required, and the attack can be conducted over the network [1]. The exact sequence of steps is not detailed in the available references, but the attack relies on the protocol's failure to properly validate the content of the received message.
Impact
Successful exploitation allows the attacker to tamper with business operations and cause the system to become abnormal [1]. The impact is primarily on integrity and availability, potentially disrupting normal video conferencing or communication functions of the affected Huawei devices. The attacker's actions are constrained to the context of the CIDAM protocol, but the specific scope of compromise (e.g., whether full device control is achieved) is not further detailed in the advisory.
Mitigation
Huawei has released software updates to fix these vulnerabilities, as noted in the security advisory published on 2017-12-20 [1]. Customers should upgrade their affected products to the resolved versions listed in the advisory's product table, such as DP300 V500R002C00SPCb00 or later, and corresponding fixed versions for other models [1]. No workarounds are provided, and applying the official patches is the recommended mitigation. The vulnerabilities are not listed on the CISA Known Exploited Vulnerabilities catalog (as of this writing).
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700B010, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C00SPC400, V600R006C00SPC500
- Range: V500R002C00, V500R002C00B010, V500R002C00B011, V500R002C00B012, V500R002C00B013, V500R002C00B014, V500R002C00B017, V500R002C00B018, V500R002C00SPC100, V500R002C00SPC200, V500R002C00SPC300, V500R002C00SPC400, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC800, V500R002C00SPC900, V500R002C00SPCa00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.