CVE-2021-37131

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

Published: Oct 27, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-37131
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-1236

Affected Software
References

Software	From	Fixed in
huawei / manageone	6.5.1.1-b010	6.5.1.1-b010.x
huawei / manageone	6.5.1.1-b020	6.5.1.1-b020.x
huawei / manageone	6.5.1.1-b030	6.5.1.1-b030.x
huawei / manageone	6.5.1.1-b040	6.5.1.1-b040.x
huawei / manageone	8.0.1	8.0.1.x
huawei / manageone	8.0.0-rc2	8.0.0-rc2.x
huawei / manageone	6.5.1.1-spc200	6.5.1.1-spc200.x
huawei / manageone	6.5.1.1-spc100.b050	6.5.1.1-spc100.b050.x
huawei / manageone	6.5.1.1-spc101.b010	6.5.1.1-spc101.b010.x
huawei / manageone	6.5.1.1-spc101.b040	6.5.1.1-spc101.b040.x
huawei / manageone	6.5.1.1-spc200.b010	6.5.1.1-spc200.b010.x
huawei / manageone	6.5.1.1-spc200.b030	6.5.1.1-spc200.b030.x
huawei / manageone	6.5.1.1-spc200.b040	6.5.1.1-spc200.b040.x
huawei / manageone	6.5.1.1-spc200.b050	6.5.1.1-spc200.b050.x
huawei / manageone	6.5.1.1-spc200.b060	6.5.1.1-spc200.b060.x
huawei / manageone	6.5.1.1-spc200.b070	6.5.1.1-spc200.b070.x
huawei / manageone	8.0.0	8.0.0.x
huawei / manageone	8.0.0-spc100	8.0.0-spc100.x
huawei / manageone	8.0.0-lcnd81	8.0.0-lcnd81.x
huawei / manageone	8.0.0-rc3	8.0.0-rc3.x
huawei / manageone	6.5.1-rc1.b060	6.5.1-rc1.b060.x
huawei / manageone	6.5.1-rc2.b020	6.5.1-rc2.b020.x
huawei / manageone	6.5.1-rc2.b030	6.5.1-rc2.b030.x
huawei / manageone	6.5.1-rc2.b040	6.5.1-rc2.b040.x
huawei / manageone	6.5.1-rc2.b050	6.5.1-rc2.b050.x
huawei / manageone	6.5.1-rc2.b060	6.5.1-rc2.b060.x
huawei / manageone	6.5.1-rc2.b070	6.5.1-rc2.b070.x
huawei / manageone	6.5.1-rc2.b090	6.5.1-rc2.b090.x
huawei / manageone	6.5.1-rc1.b070	6.5.1-rc1.b070.x
huawei / manageone	8.0.0-lcn080	8.0.0-lcn080.x
huawei / imanager_neteco_6000	600r009c00cp2201	600r009c00cp2201.x
huawei / imanager_neteco_6000	600r009c00cp2301	600r009c00cp2301.x
huawei / imanager_neteco_6000	600r009c00spc100	600r009c00spc100.x
huawei / imanager_neteco_6000	600r009c00spc110	600r009c00spc110.x
huawei / imanager_neteco_6000	600r009c00spc120	600r009c00spc120.x
huawei / imanager_neteco_6000	600r009c00spc190	600r009c00spc190.x
huawei / imanager_neteco_6000	600r009c00spc200	600r009c00spc200.x
huawei / imanager_neteco_6000	600r009c00spc201	600r009c00spc201.x
huawei / imanager_neteco_6000	600r009c00spc202	600r009c00spc202.x
huawei / imanager_neteco_6000	600r009c00spc210	600r009c00spc210.x
huawei / imanager_neteco_6000	600r009c00spc220	600r009c00spc220.x
huawei / imanager_neteco_6000	600r009c00spc221	600r009c00spc221.x
huawei / imanager_neteco_6000	600r009c00spc230	600r009c00spc230.x
huawei / imanager_neteco_6000	600r009c00spc232	600r009c00spc232.x
huawei / imanager_neteco	600r010c00cp2001	600r010c00cp2001.x
huawei / imanager_neteco	600r010c00cp2002	600r010c00cp2002.x
huawei / imanager_neteco	600r010c00cp3001	600r010c00cp3001.x
huawei / imanager_neteco	600r010c00cp3002	600r010c00cp3002.x
huawei / imanager_neteco	600r010c00cp3101	600r010c00cp3101.x
huawei / imanager_neteco	600r010c00cp3102	600r010c00cp3102.x
huawei / imanager_neteco	600r010c00spc100	600r010c00spc100.x
huawei / imanager_neteco	600r010c00spc110	600r010c00spc110.x
huawei / imanager_neteco	600r010c00spc120	600r010c00spc120.x
huawei / imanager_neteco	600r010c00spc200	600r010c00spc200.x
huawei / imanager_neteco	600r010c00spc210	600r010c00spc210.x
huawei / imanager_neteco	600r010c00spc300	600r010c00spc300.x
huawei / imanager_neteco	600r010c00spc310	600r010c00spc310.x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en

Vulnerability Database

289,599

CVE-2021-37131