Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-37127

There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product versions include:iManager NetEco V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300;iManager NetEco 6000 V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210.

Published

2021-10-27T01:15:07.710

Last Modified

2024-11-21T06:14:41.860

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-347

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	imanager_neteco_6000_firmware	v600r010c00cp2001	Yes
Operating System	huawei	imanager_neteco_6000_firmware	v600r010c00cp2002	Yes
Operating System	huawei	imanager_neteco_6000_firmware	v600r010c00spc100	Yes
Operating System	huawei	imanager_neteco_6000_firmware	v600r010c00spc110	Yes
Operating System	huawei	imanager_neteco_6000_firmware	v600r010c00spc120	Yes
Operating System	huawei	imanager_neteco_6000_firmware	v600r010c00spc200	Yes
Operating System	huawei	imanager_neteco_6000_firmware	v600r010c00spc210	Yes
Operating System	huawei	imanager_neteco_6000_firmware	v600r010c00spc300	Yes
Hardware	huawei	imanager_neteco_6000	-	No
Operating System	huawei	imanager_neteco_firmware	v600r009c00spc100	Yes
Operating System	huawei	imanager_neteco_firmware	v600r009c00spc110	Yes
Operating System	huawei	imanager_neteco_firmware	v600r009c00spc120	Yes
Operating System	huawei	imanager_neteco_firmware	v600r009c00spc190	Yes
Operating System	huawei	imanager_neteco_firmware	v600r009c00spc200	Yes
Operating System	huawei	imanager_neteco_firmware	v600r009c00spc201	Yes
Operating System	huawei	imanager_neteco_firmware	v600r009c00spc202	Yes
Operating System	huawei	imanager_neteco_firmware	v600r009c00spc210	Yes
Hardware	huawei	imanager_neteco	-	No

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-signature-en Vendor Advisory ([email protected])
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-signature-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)