CVE-2021-37124 — Path Traversal in Huawei PC Smart Full Scene

CWE-22 — Path Traversal3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 86.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei PC Smart Full Scene Huawei Pcmanager

Timeline

PublishedOct 27

Latest updateMay 24

Description

There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to certain path.Affected product versions include:PC Smart Full Scene 11.1 versions PCManager 11.1.1.97.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/pc_smart_full_scene11.1

▶NVDhuawei/pcmanager11.1.1.97

🔴Vulnerability Details

GHSA

GHSA-crjm-65gw-qhwr: There is a path traversal vulnerability in Huawei PC product↗2022-05-24

▶

CVEList

CVE-2021-37124: There is a path traversal vulnerability in Huawei PC product↗2021-10-27

▶