CVE-2020-9127

CWE-20Improper Input ValidationCWE-77Command Injection3 documents3 sources
Severity
6.7MEDIUM
EPSS
0.1%
top 70.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Huawei Nip6300 FirmwareHuawei Nip6600 FirmwareHuawei Secospace Usg6300 Firmware+3 more
Timeline
PublishedNov 13
Latest updateMay 24

Description

Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages6 packages

NVDhuawei/secospace_usg6300_firmwarev500r001c30, v500r001c60+1
NVDhuawei/secospace_usg6500_firmwarev500r001c30, v500r001c60+1
NVDhuawei/secospace_usg6600_firmwarev500r001c30, v500r001c60+1
NVDhuawei/nip6300_firmwarev500r001c30, v500r001c60+1
NVDhuawei/nip6600_firmwarev500r001c30, v500r001c60+1

🔴Vulnerability Details

2
GHSA
GHSA-j543-4hfr-2w65: Some Huawei products have a command injection vulnerability2022-05-24
CVEList
CVE-2020-9127: Some Huawei products have a command injection vulnerability2020-11-13