CVE-2017-15326
MEDIUMDBS3900 TDD LTE V100R003C00, V100R004C10 - Use of a Broken or Risky Cryptographic Algorithm
Title source: llmDescription
DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en
Scores
CVSS v3
4.3
EPSS
0.0004
EPSS Percentile
12.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-327
Status
published
Products (2)
huawei/dbs3900_tdd_lte_firmware
v100r003c00
huawei/dbs3900_tdd_lte_firmware
v100r004c10
Published
Mar 23, 2018
Tracked Since
Feb 18, 2026