Security Advisory - Buffer Overflow Vulnerability in Huawei Several Products

ID HUAWEI-SA-20160511-01-ASPF
Type huawei
Reporter Huawei Technologies
Modified 2016-05-18T00:00:00


There is a vulnerability in several Huawei devices: USG series, NGFW Module, IPS Module, NIP series and AntiDDoS8000.

These products have a buffer overflow vulnerability in the Application Specific Packet Filtering (ASPF) function. An attacker may craft a malformed packet with illegitimate parameters, leading to denial of service or the potential execution of arbitrary code. (Vulnerability ID: HWPSIRT-2016-04005)

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-4576.

Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link: