Path Traversal Vulnerability in Huawei Mate Series and Other Devices
CVE-2021-22440

4.6MEDIUM

Key Information:

Summary

A path traversal vulnerability has been identified in several Huawei products where external input is used to create a pathname. The software fails to properly validate this pathname, potentially allowing an attacker to gain access to files and directories outside of the intended restricted directory. This could lead to unauthorized file access if exploited successfully.

Affected Version(s)

HUAWEI Mate 20;HUAWEI Mate 20 Pro;Hima-L29C;Laya-AL00EP;OxfordS-AN00A;Tony-AL00B 9.0.0.195(C01E195R2P1),9.1.0.139(C00E133R3P1)

HUAWEI Mate 20;HUAWEI Mate 20 Pro;Hima-L29C;Laya-AL00EP;OxfordS-AN00A;Tony-AL00B 9.0.0.187(C432E10R1P16),9.0.0.188(C185E10R2P1),9.0.0.245(C10E10R2P1),9.0.0.266(C432E10R1P16),9.0.0.267(C636E10R2P1),9.0.0.268(C635E12R1P16),9.0.0.278(C185E10R2P1)

HUAWEI Mate 20;HUAWEI Mate 20 Pro;Hima-L29C;Laya-AL00EP;OxfordS-AN00A;Tony-AL00B 9.0.0.105(C10E9R1P16),9.0.0.105(C185E9R1P16),9.0.0.105(C636E9R1P16)

References

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.