VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 15, 2018· Updated Aug 5, 2024

CVE-2017-17182

CVE-2017-17182

Description

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a out-of-bounds read vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send malformed SOAP packets to the target device. Successful exploit could make the device access invalid memory and might reset a process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A remote authenticated attacker can send malformed SOAP packets to cause out-of-bounds read in multiple Huawei video conferencing products.

Vulnerability

An out-of-bounds read vulnerability exists in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00. Due to insufficient input validation, an authenticated, remote attacker can send malformed SOAP packets to the target device, triggering access to invalid memory.

Exploitation

An attacker with authenticated network access to the affected device can craft and send malformed SOAP packets. The attacker does not require any special privileges beyond valid credentials. Successful exploitation involves sending the malicious SOAP request to the device's SOAP interface.

Impact

Successful exploitation causes the device to read out-of-bounds memory, which may lead to a process reset. This can result in denial of service or possible information disclosure.

Mitigation

Huawei has released software updates to address this vulnerability. Refer to the Security Advisory [1] for details on obtaining the fixed versions. No workarounds have been provided.

References
  1. Security Advisory - Six Vulnerabilities in Some Huawei Products

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Huawei/Te30llm-fuzzy
    Range: V100R001C10, V500R002C00, V600R006C00
  • Huawei/DP300llm-fuzzy
    Range: V500R002C00
  • Huawei/RP200llm-fuzzy
    Range: V500R002C00, V600R006C00
  • Huawei Technologies Co., Ltd./DP300,RP200,TE30,TE40,TE50,TE60v5
    Range: DP300 V500R002C00, RP200 V500R002C00,V600R006C00, TE30 V100R001C10,V500R002C00,V600R006C00, TE40 V500R002C00,V600R006C00, TE50 V500R002C00,V600R006C00, TE60 V100R001C10,V500R002C00,V600R006C00

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.