PT-2019-17513 · Huawei · Huawei Share+1
Wen Guanxing
·
Published
2019-07-10
·
Updated
2019-07-18
·
CVE-2019-5221
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Huawei Mate 20 X versions earlier than 9.1.0.300(C432E3R1P12)
Huawei Mate 20 X versions earlier than 9.1.0.300(C636E3R2P1)
Huawei Mate 20 X versions earlier than 9.1.0.300(C185E3R3P1)
Description
The issue is related to a path traversal vulnerability in Huawei Share. It occurs because the software does not properly validate file paths. An attacker could exploit this by crafting a file path when transporting files through Huawei Share, potentially allowing them to transport a file to an arbitrary path on the phone.
Recommendations
For versions earlier than 9.1.0.300(C432E3R1P12), update to version 9.1.0.300(C432E3R1P12) or later.
For versions earlier than 9.1.0.300(C636E3R2P1), update to version 9.1.0.300(C636E3R2P1) or later.
For versions earlier than 9.1.0.300(C185E3R3P1), update to version 9.1.0.300(C185E3R3P1) or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Mate 20
Huawei Share