First published: Fri Jul 17 2020(Updated: )
HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Mate 20 Firmware | <10.1.0.160\(c00e160r3p8\) | |
HUAWEI Mate 20 | ||
Huawei Mate 20 X Firmware | <10.1.0.135\(c00e135r2p8\) | |
HUAWEI Mate 20 X | ||
Huawei Mate 20 Rs Firmware | <10.1.0.160\(c786e160r3p8\) | |
HUAWEI Mate 20 RS | ||
Huawei Magic2 Firmware | <10.1.0.160\(c00e160r2p11\) | |
Huawei Magic2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-9252 is low with a CVSS score of 2.3.
HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) are affected by CVE-2020-9252.
The vulnerability in HUAWEI Mate 20 devices is a path traversal vulnerability.
To fix CVE-2020-9252, update your HUAWEI Mate 20 device to version 10.1.0.160(C00E160R3P8) or later.
You can find more information about CVE-2020-9252 on the Huawei website at https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-07-smartphone-en.