CVE-2017-15326

DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage.

Published: Mar 23, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-15326
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-327

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
huawei / dbs3900_tdd_lte_firmware	100r003c00	100r003c00.x
huawei / dbs3900_tdd_lte_firmware	100r004c10	100r004c10.x

http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en

Vulnerability Database

289,784

CVE-2017-15326