There is a buffer overflow vulnerability in the CRYPTO module of several Huawei products. An unauthenticated, local attacker could craft malformed file with a specific field that the length is longer than the maximum value. Due to insufficient validation of the inputs, successful exploit could cause the system reboot. (Vulnerability ID: HWPSIRT-2017-07009)
There is a null pointer dereference vulnerability in the CRYPTO module of several Huawei products. An unauthenticated, local attacker could craft malformed file with a specific field that the value is a null pointer. Due to insufficient verification of the inputs, successful exploit could cause the system reboot. (Vulnerability ID: HWPSIRT-2017-07010)
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180103-01-crypto-en
CPE | Name | Operator | Version |
---|---|---|---|
dp300 | eq | V500R002C00 | |
rp200 | eq | V500R002C00 | |
rp200 | eq | V600R006C00 | |
te30 | eq | V100R001C02 | |
te30 | eq | V100R001C10 | |
te30 | eq | V500R002C00 | |
te30 | eq | V600R006C00 | |
te40 | eq | V500R002C00 | |
te40 | eq | V600R006C00 | |
te50 | eq | V500R002C00 |