PT-2020-20520 · Huawei · Imanager Neteco 6000+1

Published

2020-12-09

Updated

2020-12-28

CVE-2020-9200

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions iManager NetEco 6000 version V600R021C00

Description The issue is related to a CSV injection vulnerability. An attacker with common privilege may exploit this vulnerability through some operations to inject CSV files. The vulnerability is due to insufficient input validation of some parameters, allowing the attacker to inject CSV files to the target device.

Recommendations For iManager NetEco 6000 version V600R021C00, consider restricting access to the vulnerable parameters until a patch is available. As a temporary workaround, avoid using the vulnerable operations that allow CSV file injection until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1236

Related Identifiers

CVE-2020-9200

Affected Products

Huawei Vrp

Imanager Neteco 6000

PT-2020-20520 · Huawei · Imanager Neteco 6000+1

CVE-2020-9200

Weakness Enumeration

Related Identifiers

Affected Products

References · 6