Huawei Mate 20X Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) Vulnerability

Summary

A successful exploit could allow the attacker to transport a file to an arbitrary path on the phone.

Credit:

The information has been provided by Huawei

The original article can be found at:

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190703-01-share-en


Details

There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone

Vulnerable Systems:

Mate 20 X

CVE Information:

CVE-2019-5221

Disclosure Timeline:
Published Date:07/16/2019