VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 9, 2018· Updated Aug 5, 2024

CVE-2017-17330

CVE-2017-17330

Description

Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200R007C01; V200R007C02; V200R008C00; V200R008C10; V200R008C20; V200R008C30; NGFW Module V500R001C00; V500R001C20; V500R002C00 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML element data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Memory leak in Huawei AR3200 and NGFW Module when parsing XML allows authenticated attacker to cause denial of service via crafted XML file.

Vulnerability

A memory leak vulnerability exists in Huawei AR3200 (versions V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30) and NGFW Module (versions V500R001C00, V500R001C20, V500R002C00). The software fails to release allocated memory properly when parsing XML element data, leading to progressive memory exhaustion [1].

Exploitation

An authenticated attacker must upload a crafted XML file to the affected device. No additional network access or user interaction is required beyond valid credentials. The attacker triggers the memory leak by sending the malicious XML payload, which the system processes without freeing allocated memory [1].

Impact

Successful exploitation causes the system to run out of memory, resulting in abnormal behavior of system services. This constitutes a denial-of-service (DoS) condition, as the device becomes unable to perform normal operations [1].

Mitigation

Huawei has released software updates to address this vulnerability. For AR3200, upgrade to V200R009C00. For NGFW Module, refer to the vendor advisory for the corresponding fixed versions. No workarounds are documented. The advisory is available at the link in [1].

References
  1. Security Advisory - Memory Leak Vulnerability in Several Huawei Products

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3
  • Huawei/AR3200llm-fuzzy
    Range: V200R005C32 - V200R008C30
  • Huawei/NGFW Modulellm-fuzzy
    Range: V500R001C00; V500R001C20; V500R002C00
  • Huawei Technologies Co., Ltd./AR3200; NGFW Modulev5
    Range: AR3200 V200R005C32

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.