CVE-2017-17215

EPSS 78.6%

In short

The Huawei HG532 router has a vulnerability that allows an authenticated attacker to send specially crafted messages to port 37215 and execute arbitrary code on the device. This means someone with login access could take full control of the router.

Technical detail

Huawei HG532 customized versions are vulnerable to remote code execution via unauthenticated input on port 37215. An authenticated attacker can send malicious packets to achieve arbitrary code execution; the vulnerability requires network access to the affected port and valid authentication credentials to exploit.

Summary generated and translated by AI from the official description.

Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.

Affected products

Huawei Technologies Co., Ltd. · HG532

public PoCs found — 4

githubgithub.com/1337g/CVE-2017-17215★ 26 githubgithub.com/wilfred-wulbou/HG532d-RCE-Exploit★ 8 githubgithub.com/ltfafei/HuaWei_Route_HG532_RCE_CVE-2017-17215★ 0 exploitdbwww.exploit-db.com/exploits/43414unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-en http://www.securityfocus.com/bid/102344