CVE-2021-37131

There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
huaweiCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
huaweimanageone
6.5.1:rc1.b060
huaweimanageone
6.5.1:rc1.b070
huaweimanageone
6.5.1:rc2.b020
huaweimanageone
6.5.1:rc2.b030
huaweimanageone
6.5.1:rc2.b040
huaweimanageone
6.5.1:rc2.b050
huaweimanageone
6.5.1:rc2.b060
huaweimanageone
6.5.1:rc2.b070
huaweimanageone
6.5.1:rc2.b090
huaweimanageone
6.5.1.1:b010
huaweimanageone
6.5.1.1:b020
huaweimanageone
6.5.1.1:b030
huaweimanageone
6.5.1.1:b040
huaweimanageone
6.5.1.1:spc100.b050
huaweimanageone
6.5.1.1:spc101.b010
huaweimanageone
6.5.1.1:spc101.b040
huaweimanageone
6.5.1.1:spc200
huaweimanageone
6.5.1.1:spc200.b010
huaweimanageone
6.5.1.1:spc200.b030
huaweimanageone
6.5.1.1:spc200.b040
huaweimanageone
6.5.1.1:spc200.b050
huaweimanageone
6.5.1.1:spc200.b060
huaweimanageone
6.5.1.1:spc200.b070
huaweimanageone
8.0.0
huaweimanageone
8.0.0:lcn080
huaweimanageone
8.0.0:lcnd81
huaweimanageone
8.0.0:rc2
huaweimanageone
8.0.0:rc3
huaweimanageone
8.0.0:spc100
huaweimanageone
8.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-csv-en