Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-17137

PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 5.5, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 48 products from huawei, from huawei, from huawei and 45 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2018, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2018-03-05T19:29:00.533

Last Modified

2024-11-21T03:17:33.527

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-125
    CWE-787
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System huawei dp300_firmware v500r002c00 Yes
Hardware huawei dp300 - No
Operating System huawei ips_module_firmware v500r001c00 Yes
Operating System huawei ips_module_firmware v500r001c30 Yes
Hardware huawei ips_module - No
Operating System huawei ngfw_module_firmware v500r001c00 Yes
Operating System huawei ngfw_module_firmware v500r002c00 Yes
Hardware huawei ngfw_module - No
Operating System huawei nip6300_firmware v500r001c00 Yes
Operating System huawei nip6300_firmware v500r001c30 Yes
Hardware huawei nip6300 - No
Operating System huawei nip6600_firmware v500r001c00 Yes
Operating System huawei nip6600_firmware v500r001c30 Yes
Hardware huawei nip6600 - No
Operating System huawei rp200_firmware v500r002c00 Yes
Operating System huawei rp200_firmware v600r006c00 Yes
Hardware huawei rp200 - No
Operating System huawei s12700_firmware v200r007c00 Yes
Operating System huawei s12700_firmware v200r007c01 Yes
Operating System huawei s12700_firmware v200r008c00 Yes
Operating System huawei s12700_firmware v200r009c00 Yes
Operating System huawei s12700_firmware v200r010c00 Yes
Hardware huawei s12700 - No
Operating System huawei s1700_firmware v200r006c10 Yes
Operating System huawei s1700_firmware v200r009c00 Yes
Operating System huawei s1700_firmware v200r010c00 Yes
Hardware huawei s1700 - No
Operating System huawei s2700_firmware v200r006c10 Yes
Operating System huawei s2700_firmware v200r007c00 Yes
Operating System huawei s2700_firmware v200r008c00 Yes
Operating System huawei s2700_firmware v200r009c00 Yes
Operating System huawei s2700_firmware v200r010c00 Yes
Hardware huawei s2700 - No
Operating System huawei s5700_firmware v200r006c00 Yes
Operating System huawei s5700_firmware v200r007c00 Yes
Operating System huawei s5700_firmware v200r008c00 Yes
Operating System huawei s5700_firmware v200r009c00 Yes
Operating System huawei s5700_firmware v200r010c00 Yes
Hardware huawei s5700 - No
Operating System huawei s6700_firmware v200r008c00 Yes
Operating System huawei s6700_firmware v200r009c00 Yes
Operating System huawei s6700_firmware v200r010c00 Yes
Hardware huawei s6700 - No
Operating System huawei s7700_firmware v200r007c00 Yes
Operating System huawei s7700_firmware v200r008c00 Yes
Operating System huawei s7700_firmware v200r009c00 Yes
Operating System huawei s7700_firmware v200r010c00 Yes
Hardware huawei s7700 - No
Operating System huawei s9700_firmware v200r007c00 Yes
Operating System huawei s9700_firmware v200r007c01 Yes
Operating System huawei s9700_firmware v200r008c00 Yes
Operating System huawei s9700_firmware v200r009c00 Yes
Operating System huawei s9700_firmware v200r010c00 Yes
Hardware huawei s9700 - No
Operating System huawei secospace_usg6300_firmware v500r001c00 Yes
Operating System huawei secospace_usg6300_firmware v500r001c30 Yes
Hardware huawei secospace_usg6300 - No
Operating System huawei secospace_usg6500_firmware v500r001c00 Yes
Operating System huawei secospace_usg6500_firmware v500r001c30 Yes
Hardware huawei secospace_usg6500 - No
Operating System huawei secospace_usg6600_firmware v500r001c00 Yes
Operating System huawei secospace_usg6600_firmware v500r001c30s Yes
Hardware huawei secospace_usg6600 - No
Operating System huawei te30_firmware v100r001c02 Yes
Operating System huawei te30_firmware v100r001c10 Yes
Operating System huawei te30_firmware v500r002c00 Yes
Operating System huawei te30_firmware v600r006c00 Yes
Hardware huawei te30 - No
Operating System huawei te40_firmware v500r002c00 Yes
Operating System huawei te40_firmware v600r006c00 Yes
Hardware huawei te40 - No
Operating System huawei te50_firmware v500r002c00 Yes
Operating System huawei te50_firmware v600r006c00 Yes
Hardware huawei te50 - No
Operating System huawei te60_firmware v100r001c02 Yes
Operating System huawei te60_firmware v100r001c10 Yes
Operating System huawei te60_firmware v500r002c00 Yes
Operating System huawei te60_firmware v600r006c00 Yes
Hardware huawei te60 - No
Operating System huawei tp3106_firmware v100r002c00 Yes
Hardware huawei tp3106 - No
Operating System huawei tp3206_firmware v100r002c00 Yes
Operating System huawei tp3206_firmware v100r002c10 Yes
Hardware huawei tp3206 - No
Operating System huawei usg9500_firmware v500r001c00 Yes
Operating System huawei usg9500_firmware v500r001c30 Yes
Hardware huawei usg9500 - No
Operating System huawei viewpoint_9030_firmware v100r011c02 Yes
Operating System huawei viewpoint_9030_firmware v100r011c03 Yes
Hardware huawei viewpoint_9030 - No
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For huawei's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.