CVE-2020-9200: Input Validation
First published: Thu Dec 24 2020(Updated: )
There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei iManager NetEco 6000 Firmware | =v600r021c00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-9200?
CVE-2020-9200 is considered a moderate severity vulnerability due to its potential for exploitation through CSV injection.
How do I fix CVE-2020-9200?
To fix CVE-2020-9200, update to an unaffected version of Huawei iManager NetEco 6000 firmware.
Can CVE-2020-9200 be exploited remotely?
Yes, CVE-2020-9200 can be exploited remotely by an attacker with common privileges.
What products are affected by CVE-2020-9200?
CVE-2020-9200 affects Huawei iManager NetEco 6000 versions V600R021C00.
What are the potential impacts of CVE-2020-9200?
The potential impacts of CVE-2020-9200 include unauthorized data manipulation through maliciously crafted CSV files.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei imanager neteco 6000 firmware
- version/huawei imanager neteco 6000 firmware/v600r021c00