CVE-2020-9199

B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the LAN. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:huawei:b2368-22_firmware:v100r001c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:b2368-22:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:huawei:b2368-57_firmware:v100r001c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:b2368-57:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:huawei:b2368-66_firmware:v100r001c00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:b2368-66:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:40

Type Values Removed Values Added
References () https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-01-command-en - Vendor Advisory () https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200902-01-command-en - Vendor Advisory

Information

Published : 2020-09-03 18:15

Updated : 2024-11-21 05:40


NVD link : CVE-2020-9199

Mitre link : CVE-2020-9199

CVE.ORG link : CVE-2020-9199


JSON object : View

Products Affected

huawei

  • b2368-57_firmware
  • b2368-22
  • b2368-57
  • b2368-22_firmware
  • b2368-66_firmware
  • b2368-66
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')