Directory traversal

2017-11-2219:29:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.6%

JSON

Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service.

CPENameOperatorVersion
mate_9_firmwareeq<= mha-al0ac0b125

CPE	Name	Operator	Version
	mate_9_firmware	eq	<= mha-al0ac0b125

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-01-push-en