CVE-2017-17215

HIGH EXPLOITED IN THE WILD

Huawei HG532 Firmware - Authenticated Remote Code Execution via Port 37215

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2017-17215 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 4 public exploits from researchers including anonymous, 1337g, wilfred-wulbou.

AI-analyzed exploit summary This exploit targets CVE-2027-17215, a command injection vulnerability in Huawei HG532 routers. It sends a malicious SOAP request to the DeviceUpgrade_1 endpoint, allowing arbitrary command execution via the NewStatusURL field.

Description

Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.

Exploits (4)

exploitdb WORKING POC
by anonymous · pythonwebappshardware
https://www.exploit-db.com/exploits/43414

This exploit targets CVE-2027-17215, a command injection vulnerability in Huawei HG532 routers. It sends a malicious SOAP request to the DeviceUpgrade_1 endpoint, allowing arbitrary command execution via the NewStatusURL field.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Huawei HG532 routers (firmware versions prior to fix)
Auth required
Prerequisites: List of target IPs · Network access to port 37215
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP 26 stars
by 1337g · poc
https://github.com/1337g/CVE-2017-17215

This repository contains a README describing CVE-2017-17215, a vulnerability in Huawei routers, but does not include actual exploit code. The author mentions the exploit was already public and references a blog post about its use in botnets.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Theoretical
Reliability
Theoretical
Target: Huawei routers (specific version not specified)
No auth needed
Prerequisites: Access to the target router's web interface on port 37215
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 8 stars
by wilfred-wulbou · remote-auth
https://github.com/wilfred-wulbou/HG532d-RCE-Exploit

This is a functional RCE exploit for CVE-2017-17215 targeting Huawei HG532d routers. It leverages a UPnP vulnerability via a crafted SOAP request to execute arbitrary commands, bypassing input sanitization.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Huawei HG532d Home Gateway Router (customized versions)
Auth required
Prerequisites: Network access to port 37215 · Valid credentials for HTTP Digest Auth
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by ltfafei · poc
https://github.com/ltfafei/HuaWei_Route_HG532_RCE_CVE-2017-17215

This repository provides a writeup and screenshots for CVE-2017-17215, a command injection vulnerability in Huawei HG532 routers. It references external implementations in Go and POCsuite but does not contain actual exploit code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Huawei HG532 router
No auth needed
Prerequisites: Network access to the vulnerable router
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102344

Scores

CVSS v3 8.8
EPSS 0.7861
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2017-12-21
InTheWild.io 2017-12-21
CWE
CWE-20
Status published
Products (1)
huawei/hg532_firmware
Published Mar 20, 2018
Tracked Since Feb 18, 2026