CVE-2017-17281
Description
SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. A remote, authenticated attacker could exploit this vulnerability by sending specially crafted messages to a target device. Successful exploit may cause some information leak.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A remote, authenticated attacker can trigger an out-of-bounds read in the SFTP module of multiple Huawei products, leading to information leak.
Vulnerability
An out-of-bounds read vulnerability exists in the SFTP module of several Huawei products: DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, TE30 V500R002C00, TE30 V600R006C00, TE40 V500R002C00, TE40 V600R006C00, TE50 V500R002C00, TE50 V600R006C00, TE60 V100R001C10, TE60 V500R002C00, and TE60 V600R006C00 [1]. The flaw is triggered when the module processes specially crafted messages, leading to memory access outside the expected bounds.
Exploitation
To exploit this vulnerability, an attacker must be remote and have authenticated access to the target device. The attacker then sends specially crafted messages to the SFTP module [1]. No user interaction is required beyond the initial authentication, and the attack does not rely on race conditions or other timing windows.
Impact
Successful exploitation results in an out-of-bounds read, which can cause the device to leak sensitive information from memory. The impact is limited to information disclosure, potentially exposing data that could aid further attacks [1]. There is no indication of privilege escalation or remote code execution from this CVE.
Mitigation
Huawei has released software updates to fix this vulnerability. For DP300, upgrade to V500R002C00SPCb00. For RP200, TE30, TE40, TE50, and TE60, upgrade to the resolved versions listed in the advisory (e.g., TEX0[1] V600R006C00SPC400) [1]. Users should apply these updates as soon as possible. No workarounds are provided for unpatched versions.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Huawei Technologies Co., Ltd./DP300; RP200; TE30; TE40; TE50; TE60v5Range: DP300 V500R002C00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20180228-01-sftp-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.