Unrated severityNVD Advisory· Published Mar 9, 2018· Updated Aug 5, 2024

CVE-2017-17218

Description

SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds read in Huawei SCCPX module allows unauthenticated remote attackers to cause denial of service via malformed packets.

Vulnerability

An out-of-bounds read vulnerability exists in the SCCPX module of multiple Huawei video conferencing products, including DP300 V500R002C00, RP200 V500R002C00 and V600R006C00, TE30 V100R001C10, V500R002C00, and V600R006C00, TE40 V500R002C00 and V600R006C00, TE50 V500R002C00 and V600R006C00, and TE60 V100R001C10, V500R002C00, and V600R006C00 [1]. The vulnerability is due to insufficient validation of malformed packets with specific parameters sent to the SCCPX module [1].

Exploitation

An unauthenticated, remote attacker can exploit this vulnerability by crafting and sending malformed packets with a specific parameter to an affected product [1]. No authentication or user interaction is required; the attacker only needs network access to the target device [1].

Impact

Successful exploitation of the out-of-bounds read may impact the availability of the product service, leading to a denial-of-service condition [1]. The vulnerability does not appear to allow arbitrary code execution or privilege escalation based on available documentation [1].

Mitigation

Huawei has released software updates to fix this vulnerability; affected users should update to the resolved product versions listed in the security advisory [1]. The advisory recommends upgrading to the specific fixed versions for each product model as provided in the reference [1].

References

Security Advisory - Three Vulnerabilities in SCCPX Module of Some Huawei Products

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Huawei/Te30llm-fuzzy
Range: V100R001C10; V500R002C00; V600R006C00
Huawei/DP300llm-fuzzy
Range: V500R002C00
Huawei/RP200llm-fuzzy
Range: V500R002C00; V600R006C00

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-sccpx-enmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000