CVE-2017-17317
Description
Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation, successful exploit may cause some services abnormal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in the COPS module of multiple Huawei products allows an unauthenticated remote attacker controlling a peer device to cause service abnormalities.
Vulnerability
The Common Open Policy Service Protocol (COPS) module in several Huawei product families contains a buffer overflow vulnerability. Affected products include USG6300, USG6500, USG6600, TE30, TE40, TE50, TE60, DP300, and RP200 running specific firmware versions: USG6300/6500/6600 on V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50; TE30 on V100R001C02, V100R001C10, V500R002C00, V600R006C00; TE40/TE50 on V500R002C00, V600R006C00; TE60 on V100R001C01, V100R001C10, V500R002C00, V600R006C00; DP300 on V500R002C00; RP200 on V500R002C00 and V600R006C00. The vulnerability is triggered when the device receives specially crafted COPS messages due to insufficient input validation [1].
Exploitation
An unauthenticated, remote attacker must first control a peer device that communicates with the affected product over the COPS protocol. The attacker then sends a specially crafted COPS message to the target. No authentication or user interaction is required; the attacker only needs network access to the COPS service [1].
Impact
Successful exploitation of the buffer overflow can cause some services of the affected product to become abnormal. While the description does not specify remote code execution or data disclosure, the service disruption constitutes a denial-of-service condition that can impact availability [1].
Mitigation
Huawei has released software updates to fix this vulnerability. Resolved versions include: for USG6300/6500/6600, upgrade to V500R001C50SPCxxx (specific service pack not listed); for DP300 V500R002C00, upgrade to V500R002C00SPCb00; for RP200, upgrade to TEX0 V600R006C00SPC500; for TE30, upgrade to V600R006C00SPC500; and similarly for TE40, TE50, and TE60. Customers should contact Huawei support or refer to the security advisory for exact patch details [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50;
- Huawei Technologies Co., Ltd./DP300; IPS Module; NGFW Module; RP200; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60v5Range: USG6300 V100R001C10
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-cops-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.