medium
6.8
CWE
1236 20
Advisory Published
Updated

CVE-2021-37131: Input Validation

First published: Wed Oct 27 2021(Updated: )

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

Credit: psirt@huawei.com

Affected SoftwareAffected VersionHow to fix
Huawei ManageOne=6.5.1-rc1.b060
Huawei ManageOne=6.5.1-rc1.b070
Huawei ManageOne=6.5.1-rc2.b020
Huawei ManageOne=6.5.1-rc2.b030
Huawei ManageOne=6.5.1-rc2.b040
Huawei ManageOne=6.5.1-rc2.b050
Huawei ManageOne=6.5.1-rc2.b060
Huawei ManageOne=6.5.1-rc2.b070
Huawei ManageOne=6.5.1-rc2.b090
Huawei ManageOne=6.5.1.1-b010
Huawei ManageOne=6.5.1.1-b020
Huawei ManageOne=6.5.1.1-b030
Huawei ManageOne=6.5.1.1-b040
Huawei ManageOne=6.5.1.1-spc100.b050
Huawei ManageOne=6.5.1.1-spc101.b010
Huawei ManageOne=6.5.1.1-spc101.b040
Huawei ManageOne=6.5.1.1-spc200
Huawei ManageOne=6.5.1.1-spc200.b010
Huawei ManageOne=6.5.1.1-spc200.b030
Huawei ManageOne=6.5.1.1-spc200.b040
Huawei ManageOne=6.5.1.1-spc200.b050
Huawei ManageOne=6.5.1.1-spc200.b060
Huawei ManageOne=6.5.1.1-spc200.b070
Huawei ManageOne=8.0.0
Huawei ManageOne=8.0.0-lcn080
Huawei ManageOne=8.0.0-lcnd81
Huawei ManageOne=8.0.0-rc2
Huawei ManageOne=8.0.0-rc3
Huawei ManageOne=8.0.0-spc100
Huawei ManageOne=8.0.1
Huawei Imanager Neteco=v600r010c00cp2001
Huawei Imanager Neteco=v600r010c00cp2002
Huawei Imanager Neteco=v600r010c00cp3001
Huawei Imanager Neteco=v600r010c00cp3002
Huawei Imanager Neteco=v600r010c00cp3101
Huawei Imanager Neteco=v600r010c00cp3102
Huawei Imanager Neteco=v600r010c00spc100
Huawei Imanager Neteco=v600r010c00spc110
Huawei Imanager Neteco=v600r010c00spc120
Huawei Imanager Neteco=v600r010c00spc200
Huawei Imanager Neteco=v600r010c00spc210
Huawei Imanager Neteco=v600r010c00spc300
Huawei Imanager Neteco=v600r010c00spc310
Huawei Imanager Neteco 6000=v600r009c00cp2201
Huawei Imanager Neteco 6000=v600r009c00cp2301
Huawei Imanager Neteco 6000=v600r009c00spc100
Huawei Imanager Neteco 6000=v600r009c00spc110
Huawei Imanager Neteco 6000=v600r009c00spc120
Huawei Imanager Neteco 6000=v600r009c00spc190
Huawei Imanager Neteco 6000=v600r009c00spc200
Huawei Imanager Neteco 6000=v600r009c00spc201
Huawei Imanager Neteco 6000=v600r009c00spc202
Huawei Imanager Neteco 6000=v600r009c00spc210
Huawei Imanager Neteco 6000=v600r009c00spc220
Huawei Imanager Neteco 6000=v600r009c00spc221
Huawei Imanager Neteco 6000=v600r009c00spc230
Huawei Imanager Neteco 6000=v600r009c00spc232

Remedy

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203