There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. Affected product versions include:HUAWEI Mate 20 9.0.0.195(C01E195R2P1), 9.1.0.139(C00E133R3P1);HUAWEI Mate 20 Pro 9.0.0.187(C432E10R1P16), 9.0.0.188(C185E10R2P1), 9.0.0.245(C10E10R2P1), 9.0.0.266(C432E10R1P16), 9.0.0.267(C636E10R2P1), 9.0.0.268(C635E12R1P16), 9.0.0.278(C185E10R2P1); Hima-L29C 9.0.0.105(C10E9R1P16), 9.0.0.105(C185E9R1P16), 9.0.0.105(C636E9R1P16); Laya-AL00EP 9.1.0.139(C786E133R3P1); OxfordS-AN00A 10.1.0.223(C00E210R5P1); Tony-AL00B 9.1.0.257(C00E222R2P1).
oryginał ENCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NHuawei Hima L29c
HWHuaweiwszystkie wersjeHuawei Hima L29c Firmware
OSHuawei9.0.0.105\(c10e9r1p16\)9.0.0.105\(c185e9r1p16\)9.0.0.105\(c636e9r1p16\)Huawei Laya Al00ep
HWHuaweiwszystkie wersjeHuawei Laya Al00ep Firmware
OSHuawei9.1.0.139\(c786e133r3p1\)Huawei Mate 20
HWHuaweiwszystkie wersjeHuawei Mate 20 Firmware
OSHuawei9.0.0.195\(c01e195r2p1\)9.1.0.139\(c00e133r3p1\)Huawei Mate 20 Pro
HWHuaweiwszystkie wersjeHuawei Mate 20 Pro Firmware
OSHuawei9.0.0.187\(c432e10r1p16\)9.0.0.188\(c185e10r2p1\)9.0.0.245\(c10e10r2p1\)9.0.0.266\(c432e10r1p16\)9.0.0.267\(c636e10r2p1\)9.0.0.268\(c635e12r1p16\)9.0.0.278\(c185e10r2p1\)Huawei Oxfords An00a
HWHuaweiwszystkie wersjeHuawei Oxfords An00a Firmware
OSHuawei10.1.0.223\(c00e210r5p1\)Huawei Tony Al00b
HWHuaweiwszystkie wersjeHuawei Tony Al00b Firmware
OSHuawei9.1.0.257\(c00e222r2p1\)
Powiązane podatności
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to ins...
There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated ...
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate...
HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Blueto...
In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect ...