CVE-2017-17199
Description
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an out-of-bounds read vulnerability due to the improper processing of malformed H323 messages. A remote attacker that controls a server could exploit this vulnerability by sending malformed H323 reply messages to a target device. Successful exploit could make the device read out of bounds and probably make a service unavailable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A remote attacker controlling a server can send malformed H.323 reply messages to trigger an out-of-bounds read on multiple Huawei video conferencing products, potentially causing denial of service.
Vulnerability
Several Huawei video conferencing products—including DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00—contain an out-of-bounds read vulnerability in their H.323 message processing. The flaw is triggered when the device processes malformed H.323 reply messages, leading to out-of-bounds memory access [1].
Exploitation
An attacker who controls a server can exploit this vulnerability by sending specially crafted malformed H.323 reply messages to a targeted device. The attacker does not need prior authentication on the target, but must be in a network position to communicate with the device as a server (e.g., via a man-in-the-middle or by luring the device to connect to a malicious server). The malformed message causes the device to read beyond the bounds of an allocated buffer [1].
Impact
Successful exploitation causes the device to read out-of-bounds memory, which can lead to a denial of service condition (service unavailability). The vulnerability does not appear to allow code execution or privilege escalation; the primary impact is on availability [1].
Mitigation
Huawei has released software updates to fix these vulnerabilities. Affected products should be upgraded to the resolved versions listed in the security advisory: DP300 V500R002C00SPCb00; RP200, TE30, TE40, TE50, TE60 should be upgraded to TEX0[1] V600R006C00SPC400 or later. No workarounds have been published; applying the patch is the only recommended mitigation [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
7- Huawei Technologies Co., Ltd./DP300; RP200; TE30; TE40; TE50; TE60v5Range: DP300 V500R002C00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-03-h323-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.