Huawei Data Communication: Input Validation Vulnerability in Multiple Huawei Products (huawei-sa-20160427-01-dns) CVE-2016-4087
- CVSSv3 Score
- Vulnerability description
There is an input validation vulnerability in Multiple Huawei products.
- Risk description
There is an input validation vulnerability in Multiple Huawei products, when the debug switch on the device is enabled, an attacker with network access may exploit this vulnerability by crafting malformed DNS packets and sending them to the target device. As for the lacking of input validation, an exploit could allow the attacker to cause a denial of service or remote code execution. (Vulnerability ID: HWPSIRT-2015-12046)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-4087.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references. An exploit could allow the attacker to cause a denial of service or remote code execution.
See the referenced vendor advisory for a solution.
- Not available