Security Advisory - Command Injection Vulnerability in the NetEco

2017-05-31T00:00:00
ID HUAWEI-SA-20170531-01-NETECO
Type huawei
Reporter Huawei Technologies
Modified 2017-05-31T00:00:00

Description

Huawei iManager NetEco has a command injection vulnerability due to insufficient input validation. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to execute commands that a high privileged user could execute, causing the files to be tampered with or deleted. (Vulnerability ID: HWPSIRT-2017-03128)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8133. 

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-neteco-en