CVE-2021-37131

Published: Oct 27, 2021Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.

Affected (57)

Products: Huawei: Imanager Neteco, Imanager Neteco 6000, Manageone

3 products

Configuration A

57 vulnerable

Vulnerable Software	Affected Versions
Huawei Imanager Neteco	Version v600r010c00cp2001
Huawei Imanager Neteco	Version v600r010c00cp2002
Huawei Imanager Neteco	Version v600r010c00cp3001
Huawei Imanager Neteco	Version v600r010c00cp3002
Huawei Imanager Neteco	Version v600r010c00cp3101
Huawei Imanager Neteco	Version v600r010c00cp3102
Huawei Imanager Neteco	Version v600r010c00spc100
Huawei Imanager Neteco	Version v600r010c00spc110
Huawei Imanager Neteco	Version v600r010c00spc120
Huawei Imanager Neteco	Version v600r010c00spc200
Huawei Imanager Neteco	Version v600r010c00spc210
Huawei Imanager Neteco	Version v600r010c00spc300
Huawei Imanager Neteco	Version v600r010c00spc310
Huawei Imanager Neteco 6000	Version v600r009c00cp2201
Huawei Imanager Neteco 6000	Version v600r009c00cp2301
Huawei Imanager Neteco 6000	Version v600r009c00spc100
Huawei Imanager Neteco 6000	Version v600r009c00spc110
Huawei Imanager Neteco 6000	Version v600r009c00spc120
Huawei Imanager Neteco 6000	Version v600r009c00spc190
Huawei Imanager Neteco 6000	Version v600r009c00spc200
Huawei Imanager Neteco 6000	Version v600r009c00spc201
Huawei Imanager Neteco 6000	Version v600r009c00spc202
Huawei Imanager Neteco 6000	Version v600r009c00spc210
Huawei Imanager Neteco 6000	Version v600r009c00spc220
Huawei Imanager Neteco 6000	Version v600r009c00spc221
Huawei Imanager Neteco 6000	Version v600r009c00spc230
Huawei Imanager Neteco 6000	Version v600r009c00spc232
Huawei Manageone	Version 6.5.1.1 b010
Huawei Manageone	Version 6.5.1.1 b020
Huawei Manageone	Version 6.5.1.1 b030
Huawei Manageone	Version 6.5.1.1 b040
Huawei Manageone	Version 6.5.1.1 spc100.b050
Huawei Manageone	Version 6.5.1.1 spc101.b010
Huawei Manageone	Version 6.5.1.1 spc101.b040
Huawei Manageone	Version 6.5.1.1 spc200.b010
Huawei Manageone	Version 6.5.1.1 spc200.b030
Huawei Manageone	Version 6.5.1.1 spc200.b040
Huawei Manageone	Version 6.5.1.1 spc200.b050
Huawei Manageone	Version 6.5.1.1 spc200.b060
Huawei Manageone	Version 6.5.1.1 spc200.b070
Huawei Manageone	Version 6.5.1.1 spc200
Huawei Manageone	Version 6.5.1 rc1.b060
Huawei Manageone	Version 6.5.1 rc1.b070
Huawei Manageone	Version 6.5.1 rc2.b020
Huawei Manageone	Version 6.5.1 rc2.b030
Huawei Manageone	Version 6.5.1 rc2.b040
Huawei Manageone	Version 6.5.1 rc2.b050
Huawei Manageone	Version 6.5.1 rc2.b060
Huawei Manageone	Version 6.5.1 rc2.b070
Huawei Manageone	Version 6.5.1 rc2.b090
Huawei Manageone	Version 8.0.0
Huawei Manageone	Version 8.0.0 lcn080
Huawei Manageone	Version 8.0.0 lcnd81
Huawei Manageone	Version 8.0.0 rc2
Huawei Manageone	Version 8.0.0 rc3
Huawei Manageone	Version 8.0.0 spc100
Huawei Manageone	Version 8.0.1

Related CWEs

CWE-1236

Improper Neutralization of Formula Elements in a CSV File

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en

Source: psirt@huawei.com

PatchVendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.