CVE-2017-17329
Description
Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A memory leak in Huawei ViewPoint 8660 V100R008C03 allows authenticated attackers to cause denial of service via crafted XML.
Vulnerability
A memory leak vulnerability exists in Huawei ViewPoint 8660 running version V100R008C03. When parsing XML Schema data, the software fails to properly release allocated memory, leading to progressive memory consumption. An attacker with valid authentication can upload a specially crafted XML file to trigger the leak [1].
Exploitation
An authenticated attacker who can upload files to the device exploits this by providing a crafted XML file that triggers improper memory deallocation during XML Schema parsing. No user interaction beyond the attacker's own authentication is required. The attack does not require network position beyond the ability to reach the upload interface [1].
Impact
Successful exploitation causes the affected service to consume all available memory, leading to a denial of service condition. The impact is limited to service availability; no disclosure of data or code execution is indicated [1].
Mitigation
Huawei released a fixed version V100R008C03SPCc00 to resolve the issue. Customers should upgrade to this version as soon as possible. No workarounds were published. The vulnerability is not listed on CISA KEV [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: V100R008C03
- Huawei Technologies Co., Ltd./ViewPoint 8660v5Range: V100R008C03
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-03-xml-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.