PT-2012-6212 · Huawei · Huawei E585

John Bird · Published 2012-12-19 · Updated 2012-12-19 · CVE-2012-5969

CVSS v2.0: 4.8 (Medium)

Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Huawei E585 device (affected versions not specified)

Description

The issue allows remote attackers to read or modify arbitrary files on the device through directory traversal: a .. (dot dot) in the PATH_INFO of an "sdcard/" request, or in the req_page parameter of the "en/sms.cgi" endpoint.

Recommendations

For the Huawei E585 device, consider restricting access to the "sdcard/" directory and the "en/sms.cgi" endpoint until a fix is available. As a temporary workaround, avoid using the req_page parameter in the "en/sms.cgi" endpoint to minimize the risk of exploitation.
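
For monitoring while access is restricted, the following added example (not part of the original advisory or any vendor code) flags request targets that match the two patterns in the description, including percent-encoded and backslash variants. The sample targets are constructed, and req_page is the assumed spelling of the parameter the advisory names.

```python
from typing import Optional
from urllib.parse import parse_qsl, unquote, urlsplit

MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double/triple percent-encoding

def fully_decode(value: str) -> str:
    """Percent-decode repeatedly so %252e%252e is still seen as '..'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")  # treat backslash as a separator too

def flag_request(target: str) -> Optional[str]:
    """Return a reason if the request target matches the advisory, else None."""
    parts = urlsplit(target)
    segments = fully_decode(parts.path).split("/")
    # Case 1: a '..' segment anywhere after the sdcard/ path element.
    if "sdcard" in segments and ".." in segments[segments.index("sdcard"):]:
        return "dot-dot in path after sdcard/"
    # Case 2: a '..' segment in any query parameter sent to en/sms.cgi.
    if segments[-2:] == ["en", "sms.cgi"]:
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if ".." in fully_decode(value).split("/"):
                return f"dot-dot in parameter {name!r} of en/sms.cgi"
    return None

# Constructed request targets (not captured traffic).
SAMPLES = [
    "/sdcard/photos/a..b.jpg",                      # dots inside a file name: benign
    "/sdcard/../constructed.txt",                   # plain traversal
    "/sdcard/%252e%252e/constructed.txt",           # double-encoded traversal
    "/en/sms.cgi?req_page=inbox",                   # ordinary parameter value
    "/en/sms.cgi?req_page=..%2F..%2Fconstructed",   # traversal in a parameter
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(f"{flag_request(target) or 'ok':45} {target}")
```

The check matches whole ".." path segments only, so file names that merely contain two dots are not flagged.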

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2012-5969

Affected Products

Huawei E585