Path Traversal Vulnerability in Huawei Mate Series and Other Devices
CVE-2021-22440

4.6MEDIUM

Key Information:

Vendor: Huawei
Status: Huawei Mate 20;huawei Mate 20 Pro;hima-l29c;laya-al00ep;oxfords-an00a;tony-al00b
Vendor: CVE Published:; 13 July 2021

Summary

A path traversal vulnerability has been identified in several Huawei products where external input is used to create a pathname. The software fails to properly validate this pathname, potentially allowing an attacker to gain access to files and directories outside of the intended restricted directory. This could lead to unauthorized file access if exploited successfully.

Affected Version(s)

HUAWEI Mate 20;HUAWEI Mate 20 Pro;Hima-L29C;Laya-AL00EP;OxfordS-AN00A;Tony-AL00B 9.0.0.195(C01E195R2P1),9.1.0.139(C00E133R3P1)

HUAWEI Mate 20;HUAWEI Mate 20 Pro;Hima-L29C;Laya-AL00EP;OxfordS-AN00A;Tony-AL00B 9.0.0.187(C432E10R1P16),9.0.0.188(C185E10R2P1),9.0.0.245(C10E10R2P1),9.0.0.266(C432E10R1P16),9.0.0.267(C636E10R2P1),9.0.0.268(C635E12R1P16),9.0.0.278(C185E10R2P1)

HUAWEI Mate 20;HUAWEI Mate 20 Pro;Hima-L29C;Laya-AL00EP;OxfordS-AN00A;Tony-AL00B 9.0.0.105(C10E9R1P16),9.0.0.105(C185E9R1P16),9.0.0.105(C636E9R1P16)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2021
Vulnerability Reserved
Jan 5, 2021