CVE-2017-8163

Name: CVE-2017-8163
Creator: NVD / NIST
Published: 2017-11-22T19:29:03.803+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.80%

Last modified Jun 17, 2026

CVE-2017-8163 is a vulnerability of currently unknown severity. AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR150 with software V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR150-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR160 with software V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR200 with software V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30,AR200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR2200 with software V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR2200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30,AR510 with software V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30,NetEngine16EX with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,SMC2.0 with software V100R003C10, V100R005C00, V500R002C00, V600R006C00,SRG1300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG2300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG3300 with software V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bounds read vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send specially crafted message to the target device.Successful exploit of the vulnerability could cause out-of-bounds read and system crash.. EPSS estimates a 0.80% chance of exploitation in the next 30 days.

Description

AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR1200 with software V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR1200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR150 with software V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR150-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR160 with software V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR200 with software V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30,AR200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR2200 with software V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30,AR2200-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30,AR510 with software V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30,NetEngine16EX with software V200R006C10, V200R007C00, V200R008C20, V200R008C30,SMC2.0 with software V100R003C10, V100R005C00, V500R002C00, V600R006C00,SRG1300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG2300 with software V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30,SRG3300 with software V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bounds read vulnerability. Due to insufficient input validation, an authenticated, remote attacker could send specially crafted message to the target device.Successful exploit of the vulnerability could cause out-of-bounds read and system crash.

Metrics

EPSS Probability

0.80%

51.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-125

Affected Software

Vendor	Product	Versions
Huawei	Ar120-S Firmware	v200r006c10
Huawei	Ar120-S Firmware	v200r007c00
Huawei	Ar120-S Firmware	v200r008c20
Huawei	Ar120-S Firmware	v200r008c30
Huawei	Ar1200 Firmware	v200r006c10
Huawei	Ar1200 Firmware	v200r006c13
Huawei	Ar1200 Firmware	v200r007c00
Huawei	Ar1200 Firmware	v200r007c01
Huawei	Ar1200 Firmware	v200r007c02
Huawei	Ar1200 Firmware	v200r008c20
Huawei	Ar1200 Firmware	v200r008c30
Huawei	Ar1200-S Firmware	v200r006c10
Huawei	Ar1200-S Firmware	v200r007c00
Huawei	Ar1200-S Firmware	v200r008c20
Huawei	Ar1200-S Firmware	v200r008c30
Huawei	Ar150 Firmware	v200r006c10
Huawei	Ar150 Firmware	v200r007c00
Huawei	Ar150 Firmware	v200r007c01
Huawei	Ar150 Firmware	v200r007c02
Huawei	Ar150 Firmware	v200r008c20
Huawei	Ar150 Firmware	v200r008c30
Huawei	Ar150-S Firmware	v200r006c10
Huawei	Ar150-S Firmware	v200r007c00
Huawei	Ar150-S Firmware	v200r008c20
Huawei	Ar150-S Firmware	v200r008c30
Huawei	Ar160 Firmware	v200r006c10
Huawei	Ar160 Firmware	v200r006c12
Huawei	Ar160 Firmware	v200r007c00
Huawei	Ar160 Firmware	v200r007c01
Huawei	Ar160 Firmware	v200r007c02
Huawei	Ar160 Firmware	v200r008c20
Huawei	Ar160 Firmware	v200r008c30
Huawei	Ar200 Firmware	v200r006c10
Huawei	Ar200 Firmware	v200r007c00
Huawei	Ar200 Firmware	v200r007c01
Huawei	Ar200 Firmware	v200r008c20
Huawei	Ar200 Firmware	v200r008c30
Huawei	Ar200-S Firmware	v200r006c10
Huawei	Ar200-S Firmware	v200r007c00
Huawei	Ar200-S Firmware	v200r008c20
Huawei	Ar200-S Firmware	v200r008c30
Huawei	Ar2200 Firmware	v200r006c10
Huawei	Ar2200 Firmware	v200r006c13
Huawei	Ar2200 Firmware	v200r006c16pwe
Huawei	Ar2200 Firmware	v200r007c00
Huawei	Ar2200 Firmware	v200r007c01
Huawei	Ar2200 Firmware	v200r007c02
Huawei	Ar2200 Firmware	v200r008c20
Huawei	Ar2200 Firmware	v200r008c30
Huawei	Ar2200-S Firmware	v200r006c10

Showing 50 of 93 affected configurations. See NVD for the full list.

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-h323-enVendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-h323-enVendor Advisory

Timeline

Published: Nov 22, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-8163?

How severe is CVE-2017-8163?

Severity scoring for CVE-2017-8163 is pending analysis. The EPSS model estimates a 0.80% probability of exploitation in the next 30 days.

How do I fix CVE-2017-8163?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-8163?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST