CVE-2017-17221
Description
Authenticated remote code execution in Huawei eSpace 7950/8950 via crafted packets during Signal Tone import.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated remote code execution in Huawei eSpace 7950/8950 via crafted packets during Signal Tone import.
Vulnerability
A remote code execution vulnerability exists in the Import Signal Tone function of Huawei eSpace 7950 V200R003C30 and eSpace 8950 V200R003C00, V200R003C30. The flaw arises due to insufficient verification of packets after a Signal Tone file is uploaded by an authenticated user [1].
Exploitation
An attacker must first authenticate to the affected device and have the ability to upload a Signal Tone file. After the upload, the attacker crafts and sends specially crafted packets to the vulnerable function, exploiting the lack of proper verification to execute arbitrary code [1].
Impact
Successful exploitation allows a remote, authenticated attacker to execute arbitrary code on the targeted device, leading to full compromise of the eSpace system [1].
Mitigation
Huawei released software updates to fix the vulnerability. The resolved versions are: eSpace 7950 V200R003C30SPC700, eSpace 8950 V200R003C00SPCr00, and eSpace 8950 V200R003C30SPCr00. Users should upgrade to these fixed versions [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: V200R003C30
- Range: V200R003C00, V200R003C30
- Huawei Technologies Co., Ltd./eSpace 7950; eSpace 8950v5Range: eSpace 7950 V200R003C30
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.