CVE-2017-5544 in Fengine S5800
Summary
by MITRE
An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 05/14/2026
The vulnerability identified as CVE-2017-5544 affects FiberHome Fengine S5800 switches running firmware version V210R240, representing a critical security flaw that enables unauthorized remote access and subsequent denial of service conditions. This issue stems from insufficient authentication mechanisms and inadequate connection management within the device's SSH service implementation, creating a pathway for malicious actors to exploit the system through automated password cracking techniques. The vulnerability falls under CWE-307, which addresses improper restriction of excessive authentication attempts, and aligns with ATT&CK technique T1110 for Brute Force attacks targeting remote services.
The technical flaw manifests through the device's SSH service failing to properly implement rate limiting or account lockout mechanisms during authentication attempts. When an attacker employs automated password cracking tools, each failed login attempt consumes a connection slot and extends the SSH login timeout period significantly. This behavior creates a resource exhaustion condition where legitimate users attempting to establish SSH or telnet connections face immediate rejection due to connection slot exhaustion. The underlying mechanism operates by maintaining connection slots for extended periods during failed authentication attempts, preventing the system from processing new legitimate connection requests.
The operational impact of this vulnerability extends beyond simple unauthorized access to encompass complete service disruption for authorized personnel. Once the denial of service condition is triggered, legitimate administrators lose access to critical network infrastructure through standard remote management protocols, forcing system administrators to perform manual device restarts to restore functionality. This disruption represents a severe operational risk for network administrators who rely on remote access capabilities for routine maintenance and monitoring activities. The vulnerability particularly affects network infrastructure management where continuous availability is paramount, potentially creating extended downtime periods during which network issues cannot be addressed remotely.
Mitigation strategies for CVE-2017-5544 should focus on implementing robust authentication controls including account lockout policies, rate limiting for authentication attempts, and network segmentation to isolate critical infrastructure. Organizations should deploy intrusion detection systems to monitor for unusual authentication patterns and implement multi-factor authentication where possible. Network administrators should also consider implementing temporary workarounds such as disabling unnecessary SSH access, restricting SSH access to specific IP addresses, and configuring automatic monitoring alerts when excessive authentication attempts are detected. The solution aligns with security frameworks that emphasize defense in depth principles and proper access control implementation as outlined in various cybersecurity standards and best practices.