Security Advisory - Command Injection Vulnerability in the NetEco

Type huawei
Reporter Huawei Technologies
Modified 2017-05-31T00:00:00


Huawei iManager NetEco has a command injection vulnerability due to insufficient input validation. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to execute commands that a high privileged user could execute, causing the files to be tampered with or deleted. (Vulnerability ID: HWPSIRT-2017-03128)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8133. 

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: