Description
Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakage.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95149
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161228-04-vrp-en
Scores
CVSS v3
4.3
EPSS
0.0010
EPSS Percentile
27.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-20
Status
published
Products (9)
huawei/s12700_firmware
v200r007c00
huawei/s12700_firmware
v200r008c00
huawei/s5700_firmware
v200r007c00
huawei/s7700_firmware
v200r002c00
huawei/s7700_firmware
v200r005c00
huawei/s7700_firmware
v200r006c00
huawei/s7700_firmware
v200r007c00
huawei/s7700_firmware
v200r008c00
huawei/s9700_firmware
v200r007c00
Published
Mar 09, 2018
Tracked Since
Feb 18, 2026