CVE-2017-15344
HIGHHuawei AR3200 V200R006C10-V200R008C30 - Unauthenticated Denial of Service via SCTP Message Integer Overflow
Title source: llmDescription
Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-en
Scores
CVSS v3
7.5
EPSS
0.0027
EPSS Percentile
50.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-190
Status
published
Products (9)
huawei/ar120-s_firmware
v200r006c10
huawei/ar120-s_firmware
v200r007c00
huawei/ar120-s_firmware
v200r008c20
huawei/ar120-s_firmware
v200r008c30
huawei/ar1200_firmware
v200r007c01
huawei/ar1200_firmware
v200r007c02
huawei/ar3200_firmware
v200r006c11
huawei/ar3200_firmware
v200r008c00
huawei/ar3200_firmware
v200r008c10
Published
Feb 15, 2018
Tracked Since
Feb 18, 2026