CVE-2021-37131

MEDIUM

ManageOne - CSV Injection

Title source: llm

Description

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

References (1)

[Patch, Vendor Advisory] https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en

Scores

CVSS v3 6.8

EPSS 0.0025

EPSS Percentile 48.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1236

Status published

Products (29)

huawei/imanager_neteco v600r010c00cp2001

huawei/imanager_neteco v600r010c00cp2002

huawei/imanager_neteco v600r010c00cp3001

huawei/imanager_neteco v600r010c00cp3002

huawei/imanager_neteco v600r010c00cp3101

huawei/imanager_neteco v600r010c00cp3102

huawei/imanager_neteco v600r010c00spc100

huawei/imanager_neteco v600r010c00spc110

huawei/imanager_neteco v600r010c00spc120

huawei/imanager_neteco v600r010c00spc200

... and 19 more

Published Oct 27, 2021

Tracked Since Feb 18, 2026