CVE-2017-17282
Description
SCCP (Signalling Connection Control Part) module in Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 has a buffer overflow vulnerability. An attacker has to find a way to send malformed packets to the affected products repeatedly. Due to insufficient input validation, successful exploit may cause some service abnormal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in Huawei SCCP module allows repeated malformed packets to cause service disruption.
Vulnerability
A buffer overflow vulnerability exists in the SCCP (Signalling Connection Control Part) module of multiple Huawei products: DP300 V500R002C00, RP200 V500R002C00 and V600R006C00, TE30 V100R001C10, V500R002C00, and V600R006C00, TE40 V500R002C00 and V600R006C00, TE50 V500R002C00 and V600R006C00, and TE60 V100R001C10, V500R002C00, and V600R006C00. The vulnerability is due to insufficient input validation when processing SCCP messages. An attacker must repeatedly send specially crafted, malformed packets to the affected products to trigger the overflow [1].
Exploitation
To exploit this vulnerability, an attacker needs network access to send malformed SCCP packets to the target device. The attacker must repeatedly send these crafted packets to the affected products. No authentication is specified as a requirement, and no user interaction from the victim is needed beyond the device being reachable [1].
Impact
Successful exploitation can cause abnormal behavior in the affected services. The advisory states that the impact is service abnormality, which may include denial of service or disruption of normal operation. No further consequence such as code execution or data exfiltration is explicitly mentioned in the available references [1].
Mitigation
Huawei has released software updates to fix this vulnerability. For affected versions, the resolved product and versions are: DP300 upgrade to V500R02C00SPC00, RP200 and TE-series products upgrade to TEX0[1] V600R006C00SPC500. Users should apply the updates provided in the advisory [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: Multiple versions per model
- Huawei Technologies Co., Ltd./DP300, RP200, TE30, TE40, TE50, TE60v5Range: DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20180228-01-sccp-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.