CVE-2017-15309

Name of the Vulnerable Software and Affected Versions Huawei iReader app versions prior to 8.0.2.301

Description The issue is related to a path traversal vulnerability due to insufficient validation on file storage paths. This allows an attacker to store downloaded malicious files in an arbitrary directory, potentially leading to privilege escalation. There are also reports of a directory traversal file deletion vulnerability.

Recommendations For versions prior to 8.0.2.301, update to version 8.0.2.301 or later to resolve the issue. As a temporary workaround, consider restricting access to file storage paths to minimize the risk of exploitation. Avoid using the onChapPack directory in the affected Huawei Reader app until the issue is resolved.