CVE-2019-5221 — Path Traversal in Huawei Mate 20 X Firmware

CWE-22 — Path Traversal3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 86.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Mate 20 X Firmware Huawei Mate 20 X

Timeline

PublishedJul 10

Latest updateMay 24

Description

There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1), and versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1).

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/mate_20_x_firmware< ever-l29b_9.1.0.300\(c636e3r2p1\)+2

▶CVEListV5huawei/mate_20_xVersions earlier than Ever-L29B 9.1.0.300(C185E3R3P1), Versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), Versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1)+2

🔴Vulnerability Details

GHSA

GHSA-92v3-xfvv-5c39: There is a path traversal vulnerability on Huawei Share↗2022-05-24

▶

CVEList

CVE-2019-5221: There is a path traversal vulnerability on Huawei Share↗2019-07-10

▶