CVE-2017-2706

CWE-22 — Path Traversal5 documents5 sources

Severity

7.1HIGH

EPSS

0.1%

top 73.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Mate 9 Firmware Huawei Technologies Co., Ltd. Mate 9

Timeline

PublishedNov 22

Latest updateMay 17

Description

Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶NVDhuawei/mate_9_firmwaremha-al00ac00b125

▶CVEListV5huawei_technologies_co.,_ltd./mate_9MHA-AL00AC00B125

🔴Vulnerability Details

GHSA

GHSA-hx9j-rfr3-8j4f: Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module↗2022-05-17

▶

CVEList

CVE-2017-2706: Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module↗2017-11-22

▶

💥Exploits & PoCs

Exploit-DB

LibTIFF - 'tif_jbig.c' Denial of Service↗2017-07-06

▶

💬Community

Bugzilla

CVE-2017-9936 libtiff: memory leak in tif_jbig.c↗2017-07-11

▶