CVE-2017-17217
Description
Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds write vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated remote attacker can trigger an out-of-bounds write in Huawei products' MGCP stack, leading to service denial via crafted malformed packets.
Vulnerability
An out-of-bounds write vulnerability exists in the Media Gateway Control Protocol (MGCP) implementation of multiple Huawei products: DP300 V500R002C00; RP200 V500R002C00SPC200 and V600R006C00; TE30 V100R001C10, V500R002C00 and V600R006C00; TE40 V500R002C00 and V600R006C00; TE50 V500R002C00 and V600R006C00; TE60 V100R001C10, V500R002C00 and V600R006C00. The flaw is triggered when an unauthenticated, remote attacker sends specially crafted malformed MGCP packets with a specific parameter. Due to insufficient validation of packet contents, the affected products perform an out-of-bounds write operation, which can corrupt memory and destabilize the MGCP service [1].
Exploitation
An attacker does not require any authentication or prior access to the target network. The only requirement is network reachability to the MGCP service port on the affected device. The attacker crafts malformed MGCP packets containing a specific parameter that bypasses input validation. When the device processes these packets, the lack of proper bounds checking causes an out-of-bounds write. No user interaction is needed to trigger the vulnerability [1].
Impact
Successful exploitation of this out-of-bounds write vulnerability typically leads to a denial of service condition. The malformed packets can cause the MGCP process to crash or hang, impacting the availability of the product's service. The advisory explicitly notes that exploitation may impact availability of product service, but does not indicate that code execution or information disclosure is achievable [1].
Mitigation
Huawei released software updates to fix this vulnerability on 2018-01-24. The resolved versions are: DP300 V500R002C00SPCb00; RP200 V500R002C00SPCb00 and V600R006C00SPCb00; TE30 V100R001C10SPCb00, V500R002C00SPCb00 and V600R006C00SPCb00; TE40 V500R002C00SPCb00 and V600R006C00SPCb00; TE50 V500R002C00SPCb00 and V600R006C00SPCb00; TE60 V100R001C10SPCb00, V500R002C00SPCb00 and V600R006C00SPCb00. Users are advised to upgrade to these fixed versions. There is no mention of a KEV listing or alternative workaround [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Huawei Technologies Co., Ltd./DP300; RP200; TE30; TE40; TE50; TE60v5Range: DP300 V500R002C00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20180124-01-mgcp-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.