CVE-2020-9252

CWE-22Path Traversal3 documents3 sources
Severity
2.3LOW
EPSS
0.0%
top 91.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Huawei Magic2 FirmwareHuawei Mate 20 FirmwareHuawei Mate 20 RS Firmware+1 more
Timeline
PublishedJul 17
Latest updateMay 24

Description

HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 0.8 | Impact: 1.4

Affected Packages8 packages

NVDhuawei/mate_20_firmware< 10.1.0.160\(c00e160r3p8\)
NVDhuawei/mate_20_x_firmware< 10.1.0.135\(c00e135r2p8\)
NVDhuawei/mate_20_rs_firmware< 10.1.0.160\(c786e160r3p8\)
CVEListV5huawei_mate_20Versions earlier than 10.1.0.160(C00E160R3P8)
CVEListV5huawei_mate_20_xVersions earlier than 10.1.0.135(C00E135R2P8)

🔴Vulnerability Details

2
GHSA
GHSA-9v6x-99vx-fw68: HUAWEI Mate 20 versions earlier than 102022-05-24
CVEList
CVE-2020-9252: HUAWEI Mate 20 versions earlier than 102020-07-17
CVE-2020-9252 (LOW CVSS 2.3) | HUAWEI Mate 20 versions earlier tha | cvebase.io