Login Sign Up

CVE-2016-2231

9.8 CRITICAL
Denial of Service Buffer Overflow

📋 TL;DR

This vulnerability in Huawei SmartAX MT882 devices allows remote attackers to cause denial of service or potentially execute arbitrary code by sending crafted traffic to TCP port 8701. The WHIP service improperly trusts client-supplied length fields without proper validation, leading to buffer overflow conditions. Affected organizations using Huawei SmartAX MT882 devices with the vulnerable WHIP service are at risk.

💻 Affected Systems

Products:
  • Huawei SmartAX MT882
Versions: V200R002B022 Arg
Operating Systems: Windows-based WHIP service
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the Windows-based Host Interface Program service specifically.

📦 What is this software?

Mt882 Firmware by Huawei

View all CVEs affecting Mt882 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data exfiltration, and persistent backdoor installation.

🟠

Likely Case

Denial of service causing device outage and network disruption for connected users.

🟢

If Mitigated

Limited impact if network segmentation and access controls prevent external access to port 8701.

🌐 Internet-Facing: HIGH - Directly exploitable over the internet if port 8701 is exposed.
🏢 Internal Only: HIGH - Even internally, this provides a foothold for lateral movement within networks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available in referenced blog posts, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official Huawei advisory found

Restart Required: No

Instructions:

Check Huawei support for firmware updates. If unavailable, implement workarounds immediately.

🔧 Temporary Workarounds

Network Access Control

all

Block external access to TCP port 8701 using firewall rules

iptables -A INPUT -p tcp --dport 8701 -j DROP
netsh advfirewall firewall add rule name="Block Huawei WHIP" dir=in action=block protocol=TCP localport=8701

Service Disablement

windows

Disable the WHIP service if not required for operations

sc stop WHIP
sc config WHIP start= disabled

🧯 If You Can't Patch

  • Segment affected devices into isolated network zones with strict access controls
  • Implement network monitoring and intrusion detection for port 8701 traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check device version using web interface or CLI: display version. Look for V200R002B022 Arg. Also check if WHIP service is running on port 8701.

Check Version:

display version (on device CLI) or check web interface system info

Verify Fix Applied:

Verify port 8701 is no longer accessible externally and WHIP service is stopped or updated.

📡 Detection & Monitoring

Log Indicators:

  • Unusual traffic patterns on port 8701
  • WHIP service crashes or restarts
  • Device reboot events

Network Indicators:

  • TCP connections to port 8701 with malformed packets
  • Traffic spikes to port 8701

SIEM Query:

destination_port=8701 AND (packet_size>normal OR protocol_anomaly_detected)

📊 Metadata

CVE ID: CVE-2016-2231
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-19
Published: February 15, 2016
Last Updated: April 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2016-2231, you might also want to check these:

CVE-2014-10039 9.8

This vulnerability allows attackers to execute arbitrary code on affected Android devices by manipul...

Same vulnerability type (CWE-19)
CVE-2016-2783 9.8

This vulnerability in Avaya VOSS allows remote attackers to bypass VLAN and I-SIS security controls ...

Same vulnerability type (CWE-19)
CVE-2019-13917 9.8

CVE-2019-13917 is a critical remote code execution vulnerability in Exim mail servers that allows at...

Same vulnerability type (CWE-19)