First published: Wed Nov 22 2017(Updated: )
Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Mate 9 Firmware | <=mha-al00ac00b125 | |
Huawei Mate 9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2017-2706.
The title of the vulnerability is Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module.
The severity of CVE-2017-2706 is high with a CVSS score of 7.1.
Mate 9 smartphones with software MHA-AL00AC00B125 are affected by CVE-2017-2706.
CVE-2017-2706 can be exploited to cause the attacker to replace files and impact the service.
Yes, Huawei Mate 9 firmware with version up to and inclusive of MHA-AL00AC00B125 is vulnerable to CVE-2017-2706.
To fix CVE-2017-2706, apply the latest firmware update provided by Huawei.
You can find more information about CVE-2017-2706 on the Huawei Security Advisories website: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-01-push-en