CVE-2020-9199
MEDIUMHuawei B2368-22, B2368-57, B2368-66 Firmware V100R001C00 - Authenticated Command Injection via LAN Parameter
Title source: llmDescription
B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-01-command-en
Scores
CVSS v3
6.8
EPSS
0.0024
EPSS Percentile
47.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (3)
huawei/b2368-22_firmware
v100r001c00
huawei/b2368-57_firmware
v100r001c00
huawei/b2368-66_firmware
v100r001c00
Published
Sep 03, 2020
Tracked Since
Feb 18, 2026