CVE-2021-37131: Input Validation
First published: Wed Oct 27 2021(Updated: )
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei ManageOne | =6.5.1-rc1.b060 | |
| Huawei ManageOne | =6.5.1-rc1.b070 | |
| Huawei ManageOne | =6.5.1-rc2.b020 | |
| Huawei ManageOne | =6.5.1-rc2.b030 | |
| Huawei ManageOne | =6.5.1-rc2.b040 | |
| Huawei ManageOne | =6.5.1-rc2.b050 | |
| Huawei ManageOne | =6.5.1-rc2.b060 | |
| Huawei ManageOne | =6.5.1-rc2.b070 | |
| Huawei ManageOne | =6.5.1-rc2.b090 | |
| Huawei ManageOne | =6.5.1.1-b010 | |
| Huawei ManageOne | =6.5.1.1-b020 | |
| Huawei ManageOne | =6.5.1.1-b030 | |
| Huawei ManageOne | =6.5.1.1-b040 | |
| Huawei ManageOne | =6.5.1.1-spc100.b050 | |
| Huawei ManageOne | =6.5.1.1-spc101.b010 | |
| Huawei ManageOne | =6.5.1.1-spc101.b040 | |
| Huawei ManageOne | =6.5.1.1-spc200 | |
| Huawei ManageOne | =6.5.1.1-spc200.b010 | |
| Huawei ManageOne | =6.5.1.1-spc200.b030 | |
| Huawei ManageOne | =6.5.1.1-spc200.b040 | |
| Huawei ManageOne | =6.5.1.1-spc200.b050 | |
| Huawei ManageOne | =6.5.1.1-spc200.b060 | |
| Huawei ManageOne | =6.5.1.1-spc200.b070 | |
| Huawei ManageOne | =8.0.0 | |
| Huawei ManageOne | =8.0.0-lcn080 | |
| Huawei ManageOne | =8.0.0-lcnd81 | |
| Huawei ManageOne | =8.0.0-rc2 | |
| Huawei ManageOne | =8.0.0-rc3 | |
| Huawei ManageOne | =8.0.0-spc100 | |
| Huawei ManageOne | =8.0.1 | |
| Huawei iManager NetEco | =v600r010c00cp2001 | |
| Huawei iManager NetEco | =v600r010c00cp2002 | |
| Huawei iManager NetEco | =v600r010c00cp3001 | |
| Huawei iManager NetEco | =v600r010c00cp3002 | |
| Huawei iManager NetEco | =v600r010c00cp3101 | |
| Huawei iManager NetEco | =v600r010c00cp3102 | |
| Huawei iManager NetEco | =v600r010c00spc100 | |
| Huawei iManager NetEco | =v600r010c00spc110 | |
| Huawei iManager NetEco | =v600r010c00spc120 | |
| Huawei iManager NetEco | =v600r010c00spc200 | |
| Huawei iManager NetEco | =v600r010c00spc210 | |
| Huawei iManager NetEco | =v600r010c00spc300 | |
| Huawei iManager NetEco | =v600r010c00spc310 | |
| Huawei iManager NetEco 6000 Firmware | =v600r009c00cp2201 | |
| Huawei iManager NetEco 6000 Firmware | =v600r009c00cp2301 | |
| Huawei iManager NetEco 6000 Firmware | =v600r009c00spc100 | |
| Huawei iManager NetEco 6000 Firmware | =v600r009c00spc110 | |
| Huawei iManager NetEco 6000 Firmware | =v600r009c00spc120 | |
| Huawei iManager NetEco 6000 Firmware | =v600r009c00spc190 | |
| Huawei iManager NetEco 6000 Firmware | =v600r009c00spc200 | |
| Huawei iManager NetEco 6000 Firmware | =v600r009c00spc201 | |
| Huawei iManager NetEco 6000 Firmware | =v600r009c00spc202 | |
| Huawei iManager NetEco 6000 Firmware | =v600r009c00spc210 | |
| Huawei iManager NetEco 6000 Firmware | =v600r009c00spc220 | |
| Huawei iManager NetEco 6000 Firmware | =v600r009c00spc221 | |
| Huawei iManager NetEco 6000 Firmware | =v600r009c00spc230 | |
| Huawei iManager NetEco 6000 Firmware | =v600r009c00spc232 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-37131?
CVE-2021-37131 has been rated as high severity due to its potential for CSV injection exploits.
How do I fix CVE-2021-37131?
To fix CVE-2021-37131, ensure that software updates are applied to affected versions of Huawei ManageOne and iManager NetEco.
What might an attacker gain by exploiting CVE-2021-37131?
An attacker exploiting CVE-2021-37131 could potentially manipulate CSV files to execute arbitrary commands.
Which versions are affected by CVE-2021-37131?
CVE-2021-37131 affects specific versions of Huawei ManageOne and iManager NetEco, particularly those listed in the vulnerability report.
Is CVE-2021-37131 related to input validation issues?
Yes, CVE-2021-37131 is caused by insufficient input validation of certain parameters.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei manageone
- version/huawei manageone/6.5.1-rc1.b060
- version/huawei manageone/6.5.1-rc1.b070
- version/huawei manageone/6.5.1-rc2.b020
- version/huawei manageone/6.5.1-rc2.b030
- version/huawei manageone/6.5.1-rc2.b040
- version/huawei manageone/6.5.1-rc2.b050
- version/huawei manageone/6.5.1-rc2.b060
- version/huawei manageone/6.5.1-rc2.b070
- version/huawei manageone/6.5.1-rc2.b090
- version/huawei manageone/6.5.1.1-b010
- version/huawei manageone/6.5.1.1-b020
- version/huawei manageone/6.5.1.1-b030
- version/huawei manageone/6.5.1.1-b040
- version/huawei manageone/6.5.1.1-spc100.b050
- version/huawei manageone/6.5.1.1-spc101.b010
- version/huawei manageone/6.5.1.1-spc101.b040
- version/huawei manageone/6.5.1.1-spc200
- version/huawei manageone/6.5.1.1-spc200.b010
- version/huawei manageone/6.5.1.1-spc200.b030
- version/huawei manageone/6.5.1.1-spc200.b040
- version/huawei manageone/6.5.1.1-spc200.b050
- version/huawei manageone/6.5.1.1-spc200.b060
- version/huawei manageone/6.5.1.1-spc200.b070
- version/huawei manageone/8.0.0
- version/huawei manageone/8.0.0-lcn080
- version/huawei manageone/8.0.0-lcnd81
- version/huawei manageone/8.0.0-rc2
- version/huawei manageone/8.0.0-rc3
- version/huawei manageone/8.0.0-spc100
- version/huawei manageone/8.0.1
- canonical/huawei imanager neteco
- version/huawei imanager neteco/v600r010c00cp2001
- version/huawei imanager neteco/v600r010c00cp2002
- version/huawei imanager neteco/v600r010c00cp3001
- version/huawei imanager neteco/v600r010c00cp3002
- version/huawei imanager neteco/v600r010c00cp3101
- version/huawei imanager neteco/v600r010c00cp3102
- version/huawei imanager neteco/v600r010c00spc100
- version/huawei imanager neteco/v600r010c00spc110
- version/huawei imanager neteco/v600r010c00spc120
- version/huawei imanager neteco/v600r010c00spc200
- version/huawei imanager neteco/v600r010c00spc210
- version/huawei imanager neteco/v600r010c00spc300
- version/huawei imanager neteco/v600r010c00spc310
- canonical/huawei imanager neteco 6000 firmware
- version/huawei imanager neteco 6000 firmware/v600r009c00cp2201
- version/huawei imanager neteco 6000 firmware/v600r009c00cp2301
- version/huawei imanager neteco 6000 firmware/v600r009c00spc100
- version/huawei imanager neteco 6000 firmware/v600r009c00spc110
- version/huawei imanager neteco 6000 firmware/v600r009c00spc120
- version/huawei imanager neteco 6000 firmware/v600r009c00spc190
- version/huawei imanager neteco 6000 firmware/v600r009c00spc200
- version/huawei imanager neteco 6000 firmware/v600r009c00spc201
- version/huawei imanager neteco 6000 firmware/v600r009c00spc202
- version/huawei imanager neteco 6000 firmware/v600r009c00spc210
- version/huawei imanager neteco 6000 firmware/v600r009c00spc220
- version/huawei imanager neteco 6000 firmware/v600r009c00spc221
- version/huawei imanager neteco 6000 firmware/v600r009c00spc230
- version/huawei imanager neteco 6000 firmware/v600r009c00spc232