CVE-2021-22440

CWE-22Path Traversal3 documents3 sources
Severity
4.6MEDIUM
EPSS
0.0%
top 92.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Huawei Hima-l29c FirmwareHuawei Laya-al00ep FirmwareHuawei Mate 20 Firmware+3 more
Timeline
PublishedJul 13
Latest updateMay 24

Description

There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. Affected product versions include:HUAWEI Mate 20

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages6 packages

NVDhuawei/mate_20_firmware9.0.0.195\(c01e195r2p1\), 9.1.0.139\(c00e133r3p1\)+1
NVDhuawei/hima-l29c_firmware9.0.0.105\(c10e9r1p16\), 9.0.0.105\(c185e9r1p16\), 9.0.0.105\(c636e9r1p16\)+2
NVDhuawei/tony-al00b_firmware9.1.0.257\(c00e222r2p1\)
NVDhuawei/laya-al00ep_firmware9.1.0.139\(c786e133r3p1\)
NVDhuawei/mate_20_pro_firmware7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-8pgg-452j-v2w6: There is a path traversal vulnerability in some Huawei products2022-05-24
CVEList
CVE-2021-22440: There is a path traversal vulnerability in some Huawei products2021-07-13
CVE-2021-22440 (MEDIUM CVSS 4.6) | There is a path traversal vulnerabi | cvebase.io