CVE-2020-9106Path Traversal in Huawei P30 PRO Firmware

CWE-22Path TraversalCWE-426Untrusted Search Path3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.0%
top 91.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei P30 PRO FirmwareHuawei P30 PRO
Timeline
PublishedOct 12
Latest updateMay 24

Description

HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. The system does not sufficiently validate certain pathname, successful exploit could allow the attacker access files and cause information disclosure.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

NVDhuawei/p30_pro_firmware< 10.1.0.160\(c00e160r2p8\)
CVEListV5huawei/huawei_p30_proVersions earlier than 10.1.0.160(C00E160R2P8)

🔴Vulnerability Details

2
GHSA
GHSA-hq5m-j87x-cf2w: HUAWEI P30 Pro versions earlier than 102022-05-24
CVEList
CVE-2020-9106: HUAWEI P30 Pro versions earlier than 102020-10-12
CVE-2020-9106 — Path Traversal in Huawei | cvebase