CVE-2017-17283
Description
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have an out-of-bound read vulnerability. A remote attacker send specially crafted Session Initiation Protocol (SIP) messages to the affected products. Due to insufficient input validation, successful exploit will cause some services abnormal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds read vulnerability in Huawei DP300, RP200, TE30, TE40, TE50, and TE60 allows remote attackers to cause service abnormalities via crafted SIP messages.
Vulnerability
An out-of-bounds read vulnerability exists in the Session Initiation Protocol (SIP) module of several Huawei products. Affected versions include: DP300 V500R002C00, RP200 V500R002C00 and V600R006C00, TE30 V100R001C10, V500R002C00, and V600R006C00, TE40 V500R002C00 and V600R006C00, TE50 V500R002C00 and V600R006C00, and TE60 V100R001C01, V100R001C10, V500R002C00, and V600R006C00. The vulnerability is due to insufficient input validation of SIP messages, allowing a remote attacker to trigger an out-of-bounds read [1].
Exploitation
An attacker with network access to the affected product can send specially crafted SIP messages to the SIP service. No authentication is required. The attacker crafts malicious SIP packets that exploit the insufficient input validation, causing the product to read beyond the intended buffer boundaries [1].
Impact
Successful exploitation causes some services to become abnormal. While the advisory does not specify the exact impact, an out-of-bounds read can lead to denial of service or potential information disclosure, depending on the memory layout [1].
Mitigation
Huawei has released software updates to fix this vulnerability. The resolved versions are: DP300 V500R002C00SPCb00, RP200 V500R002C00SPCb00 and V600R006C00SPCb00, TE30 V100R001C10SPCb00, V500R002C00SPCb00, and V600R006C00SPCb00, TE40 V500R002C00SPCb00 and V600R006C00SPCb00, TE50 V500R002C00SPCb00 and V600R006C00SPCb00, and TE60 V100R001C01SPCb00, V100R001C10SPCb00, V500R002C00SPCb00, and V600R006C00SPCb00. Users should upgrade to the fixed versions. The advisory is available at the Huawei PSIRT page [1]. No workarounds are documented, and this CVE is not listed on the CISA Known Exploited Vulnerabilities catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Huawei Technologies Co., Ltd./DP300,RP200,TE30,TE40,TE50,TE60v5Range: DP300 V500R002C00,RP200 V500R002C00, V600R006C00,TE30 V100R001C10, V500R002C00, V600R006C00,TE40 V500R002C00, V600R006C00,TE50 V500R002C00, V600R006C00,TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-02-sip-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.