Release date:
Updated on:
Affected Systems:
AR Series router 3200
AR Series router 2200
AR Series router 200
AR Series router 150
AR Series router 1200
Description:
--------------------------------------------------------------------------------
Bugtraq id: 59628
The AR series router is a next-generation enterprise-level Router Based on VRP. It integrates routing, switching, 3G, WLAN, voice and security functions.
After SNMPv3 is enabled for AR Series routers, attackers can send malformed SNMPv3 messages to crash vulnerable devices and cause remote denial of service. This vulnerability is caused by insufficient information copies and stack space when parsing and processing SNMPv3 messages. Affected devices and versions: AR 150/200/1200/2200/3200, V200R001, V200R002, and V200R003
<* Source: Robert Paleari (roberto.paleari@emaze.net)
Link: http://secunia.com/advisories/53303/
Http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-260601.htm
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
------
has released a Security Bulletin (hw-260601) and patches for this:
Hw-260601: Security Advisory-Overflow Vulnerabilities in SNMPv3
Link: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-260601.htm