B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.
References
Link | Resource |
---|---|
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-01-command-en | Vendor Advisory |
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-01-command-en | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
21 Nov 2024, 05:40
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-01-command-en - Vendor Advisory |
Information
Published : 2020-09-03 18:15
Updated : 2024-11-21 05:40
NVD link : CVE-2020-9199
Mitre link : CVE-2020-9199
CVE.ORG link : CVE-2020-9199
JSON object : View
Products Affected
huawei
- b2368-57_firmware
- b2368-22
- b2368-57
- b2368-22_firmware
- b2368-66_firmware
- b2368-66
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')