Security Advisory - Path Traversal Vulnerability in Some Huawei Home Gateway Products

There is a path traversal vulnerability on some Huawei home gateway products. Due to the lack of validation while these home gateway products install APK plugins, an attacker tricks a user into installing a malicious APK plugin, and plugin can overwrite arbitrary file of devices. Successful exploit may result in arbitrary code execution or privilege escalation. (Vulnerability ID: HWPSIRT-2018-02030)
This vulnerability has been assigned a CVE ID: CVE-2018-7933.
Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180502-01-gateway-en