CVE-2021-37131

CWE-12363 documents3 sources
Severity
6.8MEDIUM
EPSS
0.3%
top 51.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Huawei Imanager NetecoHuawei Imanager Neteco 6000Huawei Manageone
Timeline
PublishedOct 27
Latest updateMay 24

Description

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages3 packages

NVDhuawei/imanager_neteco_600014 versions+13
NVDhuawei/imanager_neteco13 versions+12
NVDhuawei/manageone4 versions+3

Patches

Patch: www.huawei.comPatch: www.huawei.com

🔴Vulnerability Details

2
GHSA
GHSA-m386-mvxc-mmq3: There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 60002022-05-24
CVEList
CVE-2021-37131: There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 60002021-10-27
CVE-2021-37131 (MEDIUM CVSS 6.8) | There is a CSV injection vulnerabil | cvebase.io