Vulnerability: CVE-2020-9200

There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.


https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjection-en
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201209-01-csvinjection-en
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9200


It's possible to leave a comment as registered users to the site, accessing through social, wordpress account or as anonymous users. If you want to leave a comment as an anonymous user you will be notified by email of a possible response only if you enter the email address (optional). The insertion of any data in the comment fields is totally optional. Whoever decides to insert any data accepts the treatment of these last ones for the inherent purposes of the service that is the answer to the comment and the strictly necessary communications.


Leave a Reply