CVE-2017-17222
Description
An authenticated, remote attacker can execute arbitrary code on Huawei eSpace 7950/8950 by sending crafted packets after a Language Package is uploaded.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authenticated, remote attacker can execute arbitrary code on Huawei eSpace 7950/8950 by sending crafted packets after a Language Package is uploaded.
Vulnerability
An authenticated, remote attacker can exploit a remote code execution vulnerability in the Import Language Package function of Huawei eSpace 7950 (V200R003C30) and eSpace 8950 (V200R003C00, V200R003C30). The vulnerability arises because the affected products do not sufficiently verify the packets sent after a Language Package is uploaded [1].
Exploitation
An attacker must have valid credentials and be able to send crafted packets to the target device after the Language Package has been uploaded. The specific sequence of actions needed to trigger the vulnerability is not detailed in the available references, but the advisory confirms that an authenticated, remote attacker can send specially crafted packets to achieve code execution [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code on the affected device. This compromises the confidentiality, integrity, and availability of the system, as the attacker gains complete control over the vulnerable eSpace product [1].
Mitigation
Huawei has released software updates to fix this vulnerability. The resolved versions are eSpace 7950 V200R003C30SPC700 and eSpace 8950 V200R003C00SPCr00 [1]. Users should upgrade to these or later versions as soon as possible.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: = V200R003C30
- Range: = V200R003C00; = V200R003C30
- Huawei Technologies Co., Ltd./eSpace 7950; eSpace 8950v5Range: eSpace 7950 V200R003C30
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-espace-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.