PT-2020-20519 · Huawei · B2368-66+2

Matia Cornejo · Published 2020-09-03 · Updated 2021-07-21 · CVE-2020-9199

CVSS v2.0: 7.7 High
Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
B2368-22 version V100R001C00
B2368-57 version V100R001C00
B2368-66 version V100R001C00

Description
The issue is a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. The vulnerability is caused by insufficient input validation of some parameters, allowing the attacker to inject commands into the target device.

Recommendations
For B2368-22 version V100R001C00, restrict access to the LAN to minimize the risk of exploitation.
For B2368-57 version V100R001C00, consider implementing additional input validation for parameters to prevent command injection.
For B2368-66 version V100R001C00, avoid using the device for sensitive operations until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-9199

Affected Products

B2368-22
B2368-57
B2368-66