CVE-2017-17148
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
09/03/2018
Last modified:
29/03/2018
Description
Huawei DP300 V500R002C00 have a DoS vulnerability due to the lack of validation when the malloc is called. An authenticated local attacker can craft specific XML files to the affected products and parse this file, which result in DoS attacks.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:huawei:dp300_firmware:*:*:*:*:*:*:*:* | v500r002c00 (including) | |
cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page