CVE-2017-5544
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
23/01/2017
Last modified:
20/04/2025
Description
An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device.
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Base Score 2.0
7.10
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:fiberhome:fengine_s5800_firmware:v210r240:*:*:*:*:*:*:* | ||
| cpe:2.3:h:fiberhome:fengine_28f-s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:fiberhome:fengine_52f-s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:fiberhome:fengine_52t-s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:fiberhome:fengine_s5800-28t-s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:fiberhome:fengine_s5800-28t-s-pe:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page