CVE-2017-15333

MEDIUM

Huawei S12700 S1700 S5700 S6700 S7700 S9700 eCNS210_TD Firmware - Denial of Service via XML Parser

Title source: llm

Description

XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en

Scores

CVSS v3 4.7

EPSS 0.0008

EPSS Percentile 22.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-20

Status published

Products (47)

huawei/ecns210_td_firmware v100r004c10

huawei/ecns210_td_firmware v100r004c10spc003

huawei/ecns210_td_firmware v100r004c10spc100

huawei/ecns210_td_firmware v100r004c10spc101

huawei/ecns210_td_firmware v100r004c10spc102

huawei/ecns210_td_firmware v100r004c10spc200

huawei/ecns210_td_firmware v100r004c10spc221

huawei/ecns210_td_firmware v100r004c10spc400

huawei/s12700_firmware v200r005c00

huawei/s1700_firmware v200r009c00

... and 37 more

Published Feb 15, 2018

Tracked Since Feb 18, 2026