Security Notice - Statement on Remote Code Execution Vulnerability in Huawei HG532 Product

On November 27, 2017, Huawei received a notification about a possible remote code execution vulnerability (CVE-2017-17215) regarding Huawei HG532 from Muhammad Mukatren of Check Point Software Technologies Research Department, which also released a security advisory CPAI-2017-1016 but without detailed vulnerability information publicly.

Following the situation, Huawei immediately launched an investigation. Now it has been confirmed that this vulnerability exists. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.

Customers can take the following measures to circumvent or prevent the exploit of this vulnerability. For details, consult the local service provider or Huawei TAC.

(1)     Configure the built-in firewall function.

(2)     Change the default password.

(3)     Deploy a firewall at the carrier side.

The customers can deploy Huawei NGFWs (Next Generation Firewall) or data center firewalls, and upgrade the IPS signature database to the latest version IPS_H20011000_2017120100 released on December 1, 2017 to detect and defend against this vulnerability exploits initiated from the Internet.

Huawei has established a lifecycle management system and clarified the product lifecycle policy and product termination policy, and has been implementing lifecycle management in accordance with industry practices. For non-End of Service products, Huawei has communicated with customers and provided fix versions based on customers' opinions. For End of Service products, Huawei advises customers to take temporary fixes to circumvent or prevent vulnerability exploit or replace old Huawei routers with higher versions.