var-201802-0543
Vulnerability from variot
Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot. The Huawei AR3200 series enterprise router is a new generation network product launched by Huawei. The attacker successfully sends the vulnerability to the system by sending a special SCTP packet to the device. The following versions are affected: Huawei AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, and V230R008C
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0543",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ar1200",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r007c02"
},
{
"model": "ar1200",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r007c01"
},
{
"model": "ar120-s",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r008c30"
},
{
"model": "ar3200",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r008c00"
},
{
"model": "ar3200",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r008c10"
},
{
"model": "ar120-s",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r007c00"
},
{
"model": "ar120-s",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r006c10"
},
{
"model": "ar120-s",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r008c20"
},
{
"model": "ar3200",
"scope": "eq",
"trust": 1.6,
"vendor": "huawei",
"version": "v200r006c11"
},
{
"model": "ar120-s",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ar1200",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ar3200",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "ar3200 v200r007c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "ar3200 v200r006c10",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "ar3200 v200r008c20",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "ar3200 v200r006c11",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "ar3200 v200r007c01",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "ar3200 v200r007c02",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "ar3200 v200r008c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "ar3200 v200r008c10",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "ar3200 v200r008c30",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35596"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012321"
},
{
"db": "NVD",
"id": "CVE-2017-15344"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1147"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:ar1200_firmware:v200r007c01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:ar120-s_firmware:v200r006c10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:ar120-s_firmware:v200r008c20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:ar120-s_firmware:v200r008c30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:ar3200_firmware:v200r008c00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:ar3200_firmware:v200r008c10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:ar1200_firmware:v200r007c02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:ar3200_firmware:v200r006c11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15344"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei internal tester",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1147"
}
],
"trust": 0.6
},
"cve": "CVE-2017-15344",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-15344",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-35596",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-106157",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-15344",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-15344",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-35596",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-1147",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-106157",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35596"
},
{
"db": "VULHUB",
"id": "VHN-106157"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012321"
},
{
"db": "NVD",
"id": "CVE-2017-15344"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1147"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot. The Huawei AR3200 series enterprise router is a new generation network product launched by Huawei. The attacker successfully sends the vulnerability to the system by sending a special SCTP packet to the device. The following versions are affected: Huawei AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, and V230R008C",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15344"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012321"
},
{
"db": "CNVD",
"id": "CNVD-2017-35596"
},
{
"db": "VULHUB",
"id": "VHN-106157"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15344",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012321",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1147",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-35596",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-106157",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35596"
},
{
"db": "VULHUB",
"id": "VHN-106157"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012321"
},
{
"db": "NVD",
"id": "CVE-2017-15344"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1147"
}
]
},
"id": "VAR-201802-0543",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35596"
},
{
"db": "VULHUB",
"id": "VHN-106157"
}
],
"trust": 1.6734449666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35596"
}
]
},
"last_update_date": "2023-12-18T12:19:07.215000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "huawei-sa-20171129-02-sctp",
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-en"
},
{
"title": "HuaweiAR3200 Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/107409"
},
{
"title": "Huawei AR3200 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76802"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35596"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012321"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1147"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-106157"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012321"
},
{
"db": "NVD",
"id": "CVE-2017-15344"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15344"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15344"
},
{
"trust": 0.6,
"url": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171129-02-sctp-cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35596"
},
{
"db": "VULHUB",
"id": "VHN-106157"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012321"
},
{
"db": "NVD",
"id": "CVE-2017-15344"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-35596"
},
{
"db": "VULHUB",
"id": "VHN-106157"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012321"
},
{
"db": "NVD",
"id": "CVE-2017-15344"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1147"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35596"
},
{
"date": "2018-02-15T00:00:00",
"db": "VULHUB",
"id": "VHN-106157"
},
{
"date": "2018-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012321"
},
{
"date": "2018-02-15T16:29:00.953000",
"db": "NVD",
"id": "CVE-2017-15344"
},
{
"date": "2017-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1147"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35596"
},
{
"date": "2018-02-22T00:00:00",
"db": "VULHUB",
"id": "VHN-106157"
},
{
"date": "2018-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012321"
},
{
"date": "2018-02-22T14:40:18.153000",
"db": "NVD",
"id": "CVE-2017-15344"
},
{
"date": "2017-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1147"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1147"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei AR3200 Software integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012321"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1147"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.