CWE-347

CVE-2021-37127

First published: Wed Oct 27 2021

There is a signature management vulnerability in some Huawei products. An attacker can forge a signature and bypass the signature check. During the firmware update process, successful exploitation of this vulnerability can cause a forged system file to overwrite the correct system file. Affected product versions include: iManager NetEco V600R010C00CP2001, V600R010C00CP2002, V600R010C00SPC100, V600R010C00SPC110, V600R010C00SPC120, V600R010C00SPC200, V600R010C00SPC210, V600R010C00SPC300; iManager NetEco 6000 V600R009C00SPC100, V600R009C00SPC110, V600R009C00SPC120, V600R009C00SPC190, V600R009C00SPC200, V600R009C00SPC201, V600R009C00SPC202, V600R009C00SPC210.

Credit: psirt@huawei.com

Affected Software | Affected Version | How to fix
Huawei iManager NetEco Firmware | =v600r010c00cp2001 |
Huawei iManager NetEco Firmware | =v600r010c00cp2002 |
Huawei iManager NetEco Firmware | =v600r010c00spc100 |
Huawei iManager NetEco Firmware | =v600r010c00spc110 |
Huawei iManager NetEco Firmware | =v600r010c00spc120 |
Huawei iManager NetEco Firmware | =v600r010c00spc200 |
Huawei iManager NetEco Firmware | =v600r010c00spc210 |
Huawei iManager NetEco Firmware | =v600r010c00spc300 |
Huawei iManager NetEco 6000 Firmware | |
Huawei iManager NetEco Firmware | =v600r009c00spc100 |
Huawei iManager NetEco Firmware | =v600r009c00spc110 |
Huawei iManager NetEco Firmware | =v600r009c00spc120 |
Huawei iManager NetEco Firmware | =v600r009c00spc190 |
Huawei iManager NetEco Firmware | =v600r009c00spc200 |
Huawei iManager NetEco Firmware | =v600r009c00spc201 |
Huawei iManager NetEco Firmware | =v600r009c00spc202 |
Huawei iManager NetEco Firmware | =v600r009c00spc210 |
Huawei iManager NetEco | |

Frequently Asked Questions

  • What is the severity of CVE-2021-37127?

    CVE-2021-37127 is classified as a high severity vulnerability due to its potential to allow unauthorized access during firmware updates.

  • How do I fix CVE-2021-37127?

    To mitigate CVE-2021-37127, users should update to the latest patched version of Huawei iManager NetEco Firmware, as recommended by the vendor.

  • What types of devices are affected by CVE-2021-37127?

    CVE-2021-37127 affects multiple versions of Huawei iManager NetEco 6000 Firmware, specifically versions v600r009 and v600r010.

  • Can CVE-2021-37127 be exploited remotely?

    Yes, CVE-2021-37127 can be exploited remotely if an attacker can access the firmware update process.

  • What is the impact of successful exploitation of CVE-2021-37127?

    Successful exploitation of CVE-2021-37127 can lead to the overwriting of legitimate system files, potentially causing system instability or data loss.
