Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2019-19416, CVE-2019-19415 |
CWE-ID | CWE-835, CWE-119 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
Vulnerable software |
Hardware solutions / Routers & switches, VoIP, GSM, etc: Huawei AR120-S, Huawei AR1200, Huawei AR1200-S, Huawei AR150, Huawei AR150-S, Huawei AR160, Huawei AR200, Huawei AR200-S, Huawei AR2200, Huawei AR2200-S, Huawei AR3200, Huawei AR3600, Huawei AR510, Huawei NetEngine16EX, Huawei SRG1300, Huawei SRG2300, Huawei SRG3300, USG9500, Huawei USG9520, Huawei USG9560
Server applications / Conferencing, Collaboration and VoIP solutions: Huawei DP300, Huawei SMC2.0, Huawei TE30, Huawei TE40, Huawei TE50, Huawei TE60, Huawei TP3206
Server applications / IDS/IPS systems, Firewalls and proxy servers: Huawei IPS Module, Huawei NIP6300, Huawei NIP6600, Huawei NIP6800
Server applications / Other server solutions: Huawei NGFW Module, Huawei SVN5600, Huawei SVN5800, Huawei SVN5800-C
Hardware solutions / Other hardware appliances: RSE6500
Other software / Other software solutions: Huawei SeMG9811
Server applications / Server solutions for antivirus protection: Huawei Secospace USG6300, Huawei Secospace USG6500, Huawei Secospace USG6600
Client/Desktop applications / Other client software: Huawei SoftCo, Huawei ViewPoint 8660, Huawei ViewPoint 9030, Huawei eSpace U1910, Huawei eSpace U1911, Huawei eSpace U1930, Huawei eSpace U1960, Huawei eSpace U1980
Hardware solutions / Firmware: Huawei VP9660
Server applications / Remote management servers, RDP, SSH: Huawei eSpace U1981 |
Vendor | Huawei |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU24379
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-19416
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop when processing packets in the SIP module. A remote attacker can send a specially crafted message, consume all available system resources and cause denial of service conditions.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Huawei AR120-S: V200R006C10 - V200R008C20
Huawei AR1200: V200R006C10 - V200R007C00
Huawei AR1200-S: V200R006C10 - V200R008C20
Huawei AR150: V200R006C10 - V200R007C01
Huawei AR150-S: V200R006C10SPC300 - V200R008C20
Huawei AR160: V200R006C10 - V200R007C00
Huawei AR200: V200R006C10 - V200R007C01
Huawei AR200-S: V200R006C10 - V200R008C30
Huawei AR2200: V200R006C10 - V200R006C16PWE
Huawei AR2200-S: V200R006C10 - V200R008C20
Huawei AR3200: V200R006C10 - V200R008C30
Huawei AR3600: V200R006C10 - V200R008C20
Huawei AR510: V200R006C10 - V200R008C30
Huawei DP300: V500R002C00
Huawei IPS Module: V100R001C10 - V100R001C30
Huawei NGFW Module: V100R001C10 - V100R001C30
Huawei NIP6300: V500R001C00 - V500R001C30
Huawei NIP6600: V500R001C00 - V500R001C30
Huawei NIP6800: V500R001C30 - V500R001C50
Huawei NetEngine16EX: V200R006C10 - V200R008C20
RSE6500: V500R002C00
Huawei SMC2.0: V100R003C00SPC200T - V600R006C00
Huawei SRG1300: V200R006C10 - V200R008C30
Huawei SRG2300: V200R006C10 - V200R008C30
Huawei SRG3300: V200R006C10 - V200R008C30
Huawei SVN5600: V200R003C00 - V200R003C10
Huawei SVN5800: V200R003C00 - V200R003C10
Huawei SVN5800-C: V200R003C00 - V200R003C10
Huawei SeMG9811: V300R001C01SPCa00 - V300R001C01SPC700
Huawei Secospace USG6300: V100R001C10 - V500R001C50
Huawei Secospace USG6500: V100R001C10 - V500R001C50
Huawei Secospace USG6600: V100R001C00 - V500R001C50
Huawei SoftCo: V200R001C01SPC300 - V200R003C20
Huawei TE30: V100R001C02SPC100 - V600R006C00
Huawei TE40: V500R002C00SPCb00 - V600R006C00
Huawei TE50: V500R002C00SPCb00 - V600R006C00
Huawei TE60: V100R001C01SPC100 - V600R006C00
Huawei TP3206: V100R002C00
USG9500: V300R001C01 - V500R001C50
Huawei USG9520: V300R001C01SPC800PWE
Huawei USG9560: V300R001C20SPC300
Huawei VP9660: V200R001C02SPC100 - V500R002C10SPC100
Huawei ViewPoint 8660: V100R008C03SPCc00 - V100R008C03SPC900
Huawei ViewPoint 9030: V100R011C02SPC100 - V100R011C03SPC500
Huawei eSpace U1910: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1911: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1930: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1960: V100R001C01SPC500 - V200R003C30
Huawei eSpace U1980: V100R001C01SPC500T - V200R003C30
Huawei eSpace U1981: V100R001C20SPC300 - V200R003C50SPC900
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU24353
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-19415
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient verification of packets in the SIP module. A remote attacker can send a specially crafted message, trigger memory corruption and cause a denial of service on the target system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Huawei AR120-S: V200R006C10 - V200R008C20
Huawei AR1200: V200R006C10 - V200R007C00
Huawei AR1200-S: V200R006C10 - V200R008C20
Huawei AR150: V200R006C10 - V200R007C01
Huawei AR150-S: V200R006C10SPC300 - V200R008C20
Huawei AR160: V200R006C10 - V200R007C00
Huawei AR200: V200R006C10 - V200R007C01
Huawei AR200-S: V200R006C10 - V200R008C30
Huawei AR2200: V200R006C10 - V200R006C16PWE
Huawei AR2200-S: V200R006C10 - V200R008C20
Huawei AR3200: V200R006C10 - V200R008C30
Huawei AR3600: V200R006C10 - V200R008C20
Huawei AR510: V200R006C10 - V200R008C30
Huawei DP300: V500R002C00
Huawei IPS Module: V100R001C10 - V100R001C30
Huawei NGFW Module: V100R001C10 - V100R001C30
Huawei NIP6300: V500R001C00 - V500R001C30
Huawei NIP6600: V500R001C00 - V500R001C30
Huawei NIP6800: V500R001C30 - V500R001C50
Huawei NetEngine16EX: V200R006C10 - V200R008C20
RSE6500: V500R002C00
Huawei SMC2.0: V100R003C00SPC200T - V600R006C00
Huawei SRG1300: V200R006C10 - V200R008C30
Huawei SRG2300: V200R006C10 - V200R008C30
Huawei SRG3300: V200R006C10 - V200R008C30
Huawei SVN5600: V200R003C00 - V200R003C10
Huawei SVN5800: V200R003C00 - V200R003C10
Huawei SVN5800-C: V200R003C00 - V200R003C10
Huawei SeMG9811: V300R001C01SPCa00 - V300R001C01SPC700
Huawei Secospace USG6300: V100R001C10 - V500R001C50
Huawei Secospace USG6500: V100R001C10 - V500R001C50
Huawei Secospace USG6600: V100R001C00 - V500R001C50
Huawei SoftCo: V200R001C01SPC300 - V200R003C20
Huawei TE30: V100R001C02SPC100 - V600R006C00
Huawei TE40: V500R002C00SPCb00 - V600R006C00
Huawei TE50: V500R002C00SPCb00 - V600R006C00
Huawei TE60: V100R001C01SPC100 - V600R006C00
Huawei TP3206: V100R002C00
USG9500: V300R001C01 - V500R001C50
Huawei USG9520: V300R001C01SPC800PWE
Huawei USG9560: V300R001C20SPC300
Huawei VP9660: V200R001C02SPC100 - V500R002C10SPC100
Huawei ViewPoint 8660: V100R008C03SPCc00 - V100R008C03SPC900
Huawei ViewPoint 9030: V100R011C02SPC100 - V100R011C03SPC500
Huawei eSpace U1910: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1911: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1930: V100R001C20SPC300 - V200R003C30
Huawei eSpace U1960: V100R001C01SPC500 - V200R003C30
Huawei eSpace U1980: V100R001C01SPC500T - V200R003C30
Huawei eSpace U1981: V100R001C20SPC300 - V200R003C50SPC900
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.