Security Advisory - Numeric Errors Vulnerability in Some Huawei Routers

Some Huawei routers have a numeric errors vulnerability. An unauthenticated, remote attacker may send specific TCP messages with keychain authentication option to the affected products. Due to the improper validation of the messages, it will cause numeric errors when handling the messages. Successful exploit will cause the affected products to reset. (Vulnerability ID: HWPSIRT-2016-08021)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-17300.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171215-01-router-en