Vulnerability Description
There is a signature management vulnerability in some Huawei products. An attacker can forge a signature and bypass the signature check. During the firmware update process, successful exploitation of this vulnerability can cause a forged system file to overwrite the correct system file. Affected product versions include: iManager NetEco V600R010C00CP2001, V600R010C00CP2002, V600R010C00SPC100, V600R010C00SPC110, V600R010C00SPC120, V600R010C00SPC200, V600R010C00SPC210, V600R010C00SPC300; iManager NetEco 6000 V600R009C00SPC100, V600R009C00SPC110, V600R009C00SPC120, V600R009C00SPC190, V600R009C00SPC200, V600R009C00SPC201, V600R009C00SPC202, V600R009C00SPC210.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Imanager Neteco 6000 Firmware | v600r010c00cp2001 |
| Huawei | Imanager Neteco 6000 | - |
| Huawei | Imanager Neteco Firmware | v600r009c00spc100 |
| Huawei | Imanager Neteco | - |
References
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-signat (Vendor Advisory)
FAQ
What is CVE-2021-37127?
CVE-2021-37127 is a vulnerability with a CVSS score of 7.2 (HIGH). There is a signature management vulnerability in some Huawei products. An attacker can forge a signature and bypass the signature check. During firmware update process, successful exploit this vulnerabi...
How severe is CVE-2021-37127?
CVE-2021-37127 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-37127?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Imanager Neteco 6000 Firmware, Huawei Imanager Neteco 6000, Huawei Imanager Neteco Firmware, Huawei Imanager Neteco.