1. Home
  2. CVE Database
  3. CVE-2020-9127
MEDIUM · 6.7

CVE-2020-9127

Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected product...

Vulnerability Description

Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
HuaweiNip6300 Firmwarev500r001c30
HuaweiNip6300-
HuaweiNip6600 Firmwarev500r001c30
HuaweiNip6600-
HuaweiSecospace Usg6300 Firmwarev500r001c30
HuaweiSecospace Usg6300-
HuaweiSecospace Usg6500 Firmwarev500r001c30
HuaweiSecospace Usg6500-
HuaweiSecospace Usg6600 Firmwarev500r001c30
HuaweiSecospace Usg6600-
HuaweiUsg9500 Firmwarev500r001c30
HuaweiUsg9500-

Related Weaknesses (CWE)

CWE-20CWE-77

References

FAQ

What is CVE-2020-9127?

CVE-2020-9127 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected product...

How severe is CVE-2020-9127?

CVE-2020-9127 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-9127?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Nip6300 Firmware, Huawei Nip6300, Huawei Nip6600 Firmware, Huawei Nip6600, Huawei Secospace Usg6300 Firmware.