CVE-2017-17131
MEDIUMHuawei DP300, RP200, TE30, TE50, TE60, VP9660 Firmware - Denial of Service via Malformed PuTTY Key File
Title source: llmDescription
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-01-vpp-en
Scores
CVSS v3
5.7
EPSS
0.0084
EPSS Percentile
53.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-835
Status
published
Products (10)
huawei/dp300_firmware
v500r002c00
huawei/rp200_firmware
v500r002c00
huawei/rp200_firmware
v600r006c00
huawei/te30_firmware
v100r001c10
huawei/te30_firmware
v600r006c00
huawei/te50_firmware
v600r006c00
huawei/te60_firmware
v100r001c10
huawei/te60_firmware
v500r002c00
huawei/te60_firmware
v600r006c00
huawei/vp9660_firmware
v500r002c10
Published
Mar 05, 2018
Tracked Since
Feb 18, 2026