CVE-2017-17215

HIGH EXPLOITED IN THE WILD

Huawei HG532 - RCE

Title source: llm

Description

Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.

Exploits (4)

exploitdb WORKING POC

by anonymous · pythonwebappshardware

https://www.exploit-db.com/exploits/43414

View Code ZIP pw:eip

nomisec WRITEUP 26 stars

by 1337g · poc

https://github.com/1337g/CVE-2017-17215

View Code ZIP pw:eip

nomisec WORKING POC 8 stars

by wilfred-wulbou · remote-auth

https://github.com/wilfred-wulbou/HG532d-RCE-Exploit

View Code ZIP pw:eip

nomisec WRITEUP

by ltfafei · poc

https://github.com/ltfafei/HuaWei_Route_HG532_RCE_CVE-2017-17215

View Code ZIP pw:eip

References (2)

[Mitigation, Vendor Advisory] http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/102344

Scores

CVSS v3 8.8

EPSS 0.9294

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2017-12-21

InTheWild.io 2017-12-21

CWE

CWE-20

Status published

Products (1)

huawei/hg532_firmware

Published Mar 20, 2018

Tracked Since Feb 18, 2026