CVE-2020-9127

Name of the Vulnerable Software and Affected Versions NIP6300 versions V500R001C30, V500R001C60 NIP6600 versions V500R001C30, V500R001C60 Secospace USG6300 versions V500R001C30, V500R001C60 Secospace USG6500 versions V500R001C30, V500R001C60 Secospace USG6600 versions V500R001C30, V500R001C60 USG9500 versions V500R001C30, V500R001C60

Description Some Huawei products have a command injection vulnerability due to insufficient input validation, allowing an attacker with high privilege to inject malicious codes into files of the affected products. Successful exploitation may cause command injection.

Recommendations For NIP6300 versions V500R001C30, V500R001C60, update to a version that includes the fix for this issue. For NIP6600 versions V500R001C30, V500R001C60, update to a version that includes the fix for this issue. For Secospace USG6300 versions V500R001C30, V500R001C60, update to a version that includes the fix for this issue. For Secospace USG6500 versions V500R001C30, V500R001C60, update to a version that includes the fix for this issue. For Secospace USG6600 versions V500R001C30, V500R001C60, update to a version that includes the fix for this issue. For USG9500 versions V500R001C30, V500R001C60, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.