On November 27, 2017, Huawei received a notification about a possible remote code execution vulnerability (CVE-2017-17215) regarding Huawei HG532 from Muhammad Mukatren of Check Point Software Technologies Research Department, which also released a security advisory CPAI-2017-1016 but without detailed vulnerability information publicly.
Following the situation, Huawei immediately launched an investigation. Now it has been confirmed that this vulnerability exists. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.
Customers can take the following measures to circumvent or prevent the exploit of this vulnerability. For details, consult the local service provider or Huawei TAC.
(1) Configure the built-in firewall function.
(2) Change the default password.
(3) Deploy a firewall at the carrier side.
The customers can deploy Huawei NGFWs (Next Generation Firewall) or data center firewalls, and upgrade the IPS signature database to the latest version IPS_H20011000_2017120100 released on December 1, 2017 to detect and defend against this vulnerability exploits initiated from the Internet.
Huawei has established a lifecycle management system and clarified the product lifecycle policy and product termination policy, and has been implementing lifecycle management in accordance with industry practices. For non-End of Service products, Huawei has communicated with customers and provided fix versions based on customers' opinions. For End of Service products, Huawei advises customers to take temporary fixes to circumvent or prevent vulnerability exploit or replace old Huawei routers with higher versions.
The investigation is still ongoing. Huawei PSIRT will keep updating the SN and will give the related views as soon as possible.
2018-02-06 V1.5 UPDATED Updated the description
2017-12-22 V1.4 UPDATED Added the description of solution
2017-12-14 V1.3 UPDATED Added CVE-ID
2017-12-07 V1.2 UPDATED Added Temporary Fixes
2017-12-06 V1.1 UPDATED Added the IPS signature
2017-11-30 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.