MEDIUM🇵🇱 Wersja polska

CVE-2021-22440

CVSS 4.6v3.1pub. 2021-07-13upd. 2024-11-21

There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. Affected product versions include:HUAWEI Mate 20 9.0.0.195(C01E195R2P1), 9.1.0.139(C00E133R3P1);HUAWEI Mate 20 Pro 9.0.0.187(C432E10R1P16), 9.0.0.188(C185E10R2P1), 9.0.0.245(C10E10R2P1), 9.0.0.266(C432E10R1P16), 9.0.0.267(C636E10R2P1), 9.0.0.268(C635E12R1P16), 9.0.0.278(C185E10R2P1); Hima-L29C 9.0.0.105(C10E9R1P16), 9.0.0.105(C185E9R1P16), 9.0.0.105(C636E9R1P16); Laya-AL00EP 9.1.0.139(C786E133R3P1); OxfordS-AN00A 10.1.0.223(C00E210R5P1); Tony-AL00B 9.1.0.257(C00E222R2P1).

CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Huawei Hima L29c

    HW
    Huawei
    wszystkie wersje
  • Huawei Hima L29c Firmware

    OS
    Huawei
    9.0.0.105\(c10e9r1p16\)9.0.0.105\(c185e9r1p16\)9.0.0.105\(c636e9r1p16\)
  • Huawei Laya Al00ep

    HW
    Huawei
    wszystkie wersje
  • Huawei Laya Al00ep Firmware

    OS
    Huawei
    9.1.0.139\(c786e133r3p1\)
  • Huawei Mate 20

    HW
    Huawei
    wszystkie wersje
  • Huawei Mate 20 Firmware

    OS
    Huawei
    9.0.0.195\(c01e195r2p1\)9.1.0.139\(c00e133r3p1\)
  • Huawei Mate 20 Pro

    HW
    Huawei
    wszystkie wersje
  • Huawei Mate 20 Pro Firmware

    OS
    Huawei
    9.0.0.187\(c432e10r1p16\)9.0.0.188\(c185e10r2p1\)9.0.0.245\(c10e10r2p1\)9.0.0.266\(c432e10r1p16\)9.0.0.267\(c636e10r2p1\)9.0.0.268\(c635e12r1p16\)9.0.0.278\(c185e10r2p1\)
  • Huawei Oxfords An00a

    HW
    Huawei
    wszystkie wersje
  • Huawei Oxfords An00a Firmware

    OS
    Huawei
    10.1.0.223\(c00e210r5p1\)
  • Huawei Tony Al00b

    HW
    Huawei
    wszystkie wersje
  • Huawei Tony Al00b Firmware

    OS
    Huawei
    9.1.0.257\(c00e222r2p1\)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2020-0069HIGH7.8⚠ KEVten sam produkt

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to ins...

CVE-2020-9080HIGH7.8ten sam produkt

There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated ...

CVE-2020-9247HIGH7.8ten sam produkt

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate...

CVE-2020-9113HIGH8.0ten sam produkt

HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Blueto...

CVE-2020-0022HIGH8.8ten sam produkt

In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect ...