Design/Logic Flaw

2021-10-2701:15:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product versions include:iManager NetEco V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300;iManager NetEco 6000 V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210.

CPENameOperatorVersion
imanager_neteco_6000_firmwareeq600r10c0cp2001-v
imanager_neteco_6000_firmwareeq600r10c0cp2002-v
imanager_neteco_6000_firmwareeq600r10c0spc100-v
imanager_neteco_6000_firmwareeq600r10c0spc110-v
imanager_neteco_6000_firmwareeq600r10c0spc120-v
imanager_neteco_6000_firmwareeq600r10c0spc200-v
imanager_neteco_6000_firmwareeq600r10c0spc210-v
imanager_neteco_6000_firmwareeq600r10c0spc300-v
imanager_neteco_firmwareeq600r9c0spc100-v
imanager_neteco_firmwareeq600r9c0spc110-v

Name	Operator	Version
imanager_neteco_6000_firmware	eq	600r10c0cp2001-v
imanager_neteco_6000_firmware	eq	600r10c0cp2002-v
imanager_neteco_6000_firmware	eq	600r10c0spc100-v
imanager_neteco_6000_firmware	eq	600r10c0spc110-v
imanager_neteco_6000_firmware	eq	600r10c0spc120-v
imanager_neteco_6000_firmware	eq	600r10c0spc200-v
imanager_neteco_6000_firmware	eq	600r10c0spc210-v
imanager_neteco_6000_firmware	eq	600r10c0spc300-v
imanager_neteco_firmware	eq	600r9c0spc100-v
imanager_neteco_firmware	eq	600r9c0spc110-v