CVE-2020-9200

There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

Published: Dec 24, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-9200
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-1236

Affected Software
References

Software	From	Fixed in
huawei / imanager_neteco_6000	600r021c00	600r021c00.x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjection-en

Vulnerability Database

289,599

CVE-2020-9200