HUAWEI Mate 20 versions 10.1.0.160 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) Vulnerability

Summary

HUAWEI Mate 20 versions 10.1.0.160 suffers from improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability

Credit:

The information has been provided by Vendor

The original article can be found at:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-07-smartphone-en


Details

HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path.

 

Vulnerable Systems:

HUAWEI Mate 20 versions 10.1.0.160(C00E160R3P8)

HUAWEI Mate 20 X versions 10.1.0.135(C00E135R2P8)

HUAWEI Mate 20 RS versions 10.1.0.160(C786E160R3P8)

Honor Magic2 smartphones versions 10.1.0.160(C00E160R2P11)

 

CVE Information:

CVE-2020-9252

 

Disclosure Timeline:
Published Date:7/17/2020

Categories: FeaturedNews