CVE-2017-17160

MEDIUM

Huawei AR Series Firmware - Unauthenticated Out-of-bounds Write via IKE Packet

Title source: llm
STIX 2.1

Description

Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, NetEngine16EX V200R006C10, V200R007C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, SRG2300 V200R006C10, V200R007C00, V200R007C02, SRG3300 V200R006C10, V200R007C00 have a buffer overflow vulnerability due to incomplete range checks of the input data. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious IKE packets to the targeted device. An exploit could allow the attacker to cause the device to write out of bound and restart.

References (1)

Core 1
Core References

Scores

CVSS v3 5.9
EPSS 0.0027
EPSS Percentile 50.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-787
Status published
Products (50)
huawei/ar120-s_firmware v200r006c10
huawei/ar120-s_firmware v200r007c00
huawei/ar1200-s_firmware v200r006c10
huawei/ar1200-s_firmware v200r007c00
huawei/ar1200-s_firmware v200r008c20
huawei/ar1200_firmware v200r006c10
huawei/ar1200_firmware v200r006c13
huawei/ar1200_firmware v200r007c00
huawei/ar1200_firmware v200r007c02
huawei/ar150-s_firmware v200r006c10
... and 40 more
Published Feb 15, 2018
Tracked Since Feb 18, 2026