Path Traversal Vulnerability in Huawei Mate Series and Other Devices
CVE-2021-22440
Key Information:
- Vendor
- Huawei
- Vendor
- CVE Published:
- 13 July 2021
Summary
A path traversal vulnerability has been identified in several Huawei products where external input is used to create a pathname. The software fails to properly validate this pathname, potentially allowing an attacker to gain access to files and directories outside of the intended restricted directory. This could lead to unauthorized file access if exploited successfully.
Affected Version(s)
HUAWEI Mate 20;HUAWEI Mate 20 Pro;Hima-L29C;Laya-AL00EP;OxfordS-AN00A;Tony-AL00B 9.0.0.195(C01E195R2P1),9.1.0.139(C00E133R3P1)
HUAWEI Mate 20;HUAWEI Mate 20 Pro;Hima-L29C;Laya-AL00EP;OxfordS-AN00A;Tony-AL00B 9.0.0.187(C432E10R1P16),9.0.0.188(C185E10R2P1),9.0.0.245(C10E10R2P1),9.0.0.266(C432E10R1P16),9.0.0.267(C636E10R2P1),9.0.0.268(C635E12R1P16),9.0.0.278(C185E10R2P1)
HUAWEI Mate 20;HUAWEI Mate 20 Pro;Hima-L29C;Laya-AL00EP;OxfordS-AN00A;Tony-AL00B 9.0.0.105(C10E9R1P16),9.0.0.105(C185E9R1P16),9.0.0.105(C636E9R1P16)
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved