CVE-2020-9127

Published: Nov 13, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60.

Vendor	Product	Versions
n/a	NIP6300;NIP6600;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG9500	affected `V500R001C30,V500R001C60`

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201111-02-injection-en

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-9127

Description

Affected Products

References