CVE Tools

CVE-2017-17215

Published: Mar 20, 2018Updated: Nov 21, 2024 Sources: CVE List NVD BDUCWE-20

Description

Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.

In plain language

AI Worth attention

If you run a Huawei HG532 router (and especially a customized firmware version), this vulnerability can let a logged-in attacker remotely take control by sending harmful network traffic to port 37215—so you should act, but it’s not usually an “internet-only” risk without credentials.

Executive summary

CVE-2017-17215 is a remote code execution flaw (CWE-20) in Huawei HG532 with some customized firmware versions, triggered via malicious packets to port 37215 by an authenticated attacker.

If affected, business impact
Remote takeover of routerMalicious traffic for DDoSService disruptionLoss of network control

What to do now

  1. Check whether your device is Huawei HG532 (and note whether you have any “customized” firmware).
  2. Verify whether the router is reachable for administration and whether port 37215 is accessible from untrusted networks.
  3. Change the router’s password to a strong, unique value (do not use any default password).
  4. Enable/configure the router’s built-in firewall to restrict management and only allow access from trusted locations (your office/VPN).
  5. If you can, upgrade/replace the router with a version that is confirmed to be fixed by Huawei for your exact HG532 firmware build.
Some work to apply

CVSS Vector Breakdown

AV:NAC:LPR:LUI:NS:UC:HI:HA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:LPrivileges Required
Low
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High

Weaknesses

Affected Products

huawei
commercial·CNaka huawei technologies, honor

Exploitability

2 exploit sources identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details
Official Patch Available
Workaround Available

Attack Graph

Products CVE Techniques Tactics

Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/ + scroll to zoom, or go fullscreen.

MITRE ATT&CK

1 technique
Initial Access
View detailed technique mapping

References

and 5 more references View all →
2

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2017-17215 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows