CVE-2021-37124

Name of the Vulnerable Software and Affected Versions Huawei PCManager version 11.1.1.97 Huawei PC Smart Full Scene 11.1

Description The issue is related to a path traversal vulnerability in the Huawei PC product. This vulnerability arises because the product does not properly filter paths with special characters, allowing attackers to construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to a certain path. The vulnerability is associated with incorrect restriction of the directory path name with limited access.

Recommendations For Huawei PCManager version 11.1.1.97, consider updating to a version that fixes this issue. For Huawei PC Smart Full Scene 11.1, consider updating to a version that fixes this issue. As a temporary workaround, consider restricting access to paths that can be modified by the application to minimize the risk of exploitation.