CVE-2017-2690
MEDIUMHuawei SoftCo and eSpace U1910/U1911/U1930/U1960/U1980/U1981 - Denial of Service via Malicious File Upload
Title source: llmDescription
SoftCo with software V200R003C20,eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30,eSpace U1911 with software V200R003C20, V200R003C30,eSpace U1930 with software V200R003C20 and V200R003C30,eSpace U1960 with software V200R003C20, V200R003C30,eSpace U1980 with software V200R003C20, V200R003C30,eSpace U1981 with software V200R003C20 and V200R003C30 have an denial of service (DoS) vulnerability, which allow an attacker with specific permission to craft a file containing malicious data and upload it to the device to exhaust memory, causing a DoS condition.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95382
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-parser-en
Scores
CVSS v3
5.5
EPSS
0.0002
EPSS Percentile
7.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (15)
huawei/espace_u1910_firmware
v200r003c00
huawei/espace_u1910_firmware
v200r003c20
huawei/espace_u1910_firmware
v200r003c30
huawei/espace_u1911_firmware
v200r003c20
huawei/espace_u1911_firmware
v200r003c30
huawei/espace_u1930_firmware
v200r003c20
huawei/espace_u1930_firmware
v200r003c30
huawei/espace_u1960_firmware
v200r003c20
huawei/espace_u1960_firmware
v200r003c30
huawei/espace_u1980_firmware
v200r003c20
... and 5 more
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026