CVE-2017-15344
CVE-2017-15344
In short
The Huawei AR3200 router has a bug that doesn't properly check certain values in network messages, allowing someone on the internet to send a specially crafted message that crashes the device and forces it to restart.
Technical detail
An integer overflow vulnerability exists in SCTP message handling on affected Huawei AR3200 firmware versions due to insufficient field validation. A remote, unauthenticated attacker can craft and transmit a malicious SCTP packet to trigger the overflow, resulting in denial of service via system reboot.
Summary generated and translated by AI from the official description.
Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot.
Affected products
Huawei Technologies Co., Ltd. · AR3200Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →