CVE-2017-17223
Description
Directory traversal in Huawei eSpace 79xx/89xx IP phones lets an authenticated attacker upload/download arbitrary files, causing info leaks and system crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Directory traversal in Huawei eSpace 79xx/89xx IP phones lets an authenticated attacker upload/download arbitrary files, causing info leaks and system crash.
Vulnerability
A directory traversal vulnerability exists in Huawei eSpace 7910 (V200R003C30), eSpace 7950 (V200R003C30), and eSpace 8950 (V200R003C00 and V200R003C30). An authenticated, remote attacker can craft a specific URL to the affected products; due to insufficient verification of the URL, the attacker can traverse directories [1].
Exploitation
The attacker must be authenticated (valid credentials to the eSpace phone) and have network access to the device. By sending a specially crafted HTTP request with directory traversal sequences (e.g., ../) in the URL, the attacker can cause the phone to read or write files outside the intended web root directory [1].
Impact
Successful exploitation allows the attacker to upload and download arbitrary files from the device's filesystem. This leads to information disclosure (e.g., configuration or credentials) and can also result in a system crash due to overwriting critical files, causing denial of service [1].
Mitigation
Huawei released fixed versions: eSpace 7910 and 7950 upgrade to V200R003C30SPC700; eSpace 8950 upgrades to V200R003C00SPCr00 or V200R003C30SPC700. Users should apply the updates available in the security advisory [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: V200R003C30
- Range: V200R003C30
- Range: V200R003C00, V200R003C30
- Huawei Technologies Co., Ltd./eSpace 7910; eSpace 7950; eSpace 8950v5Range: eSpace 7910 V200R003C30
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-02-espace-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.