CWE
22
Advisory Published
Updated

CVE-2021-22440: Path Traversal

First published: Tue Jul 13 2021(Updated: )

There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. Affected product versions include:HUAWEI Mate 20 9.0.0.195(C01E195R2P1), 9.1.0.139(C00E133R3P1);HUAWEI Mate 20 Pro 9.0.0.187(C432E10R1P16), 9.0.0.188(C185E10R2P1), 9.0.0.245(C10E10R2P1), 9.0.0.266(C432E10R1P16), 9.0.0.267(C636E10R2P1), 9.0.0.268(C635E12R1P16), 9.0.0.278(C185E10R2P1); Hima-L29C 9.0.0.105(C10E9R1P16), 9.0.0.105(C185E9R1P16), 9.0.0.105(C636E9R1P16); Laya-AL00EP 9.1.0.139(C786E133R3P1); OxfordS-AN00A 10.1.0.223(C00E210R5P1); Tony-AL00B 9.1.0.257(C00E222R2P1).

Credit: psirt@huawei.com

Affected SoftwareAffected VersionHow to fix
Huawei Mate 20 Firmware=9.0.0.195\(c01e195r2p1\)
Huawei Mate 20 Firmware=9.1.0.139\(c00e133r3p1\)
HUAWEI Mate 20
Huawei Mate 20 Pro Firmware=9.0.0.187\(c432e10r1p16\)
Huawei Mate 20 Pro Firmware=9.0.0.188\(c185e10r2p1\)
Huawei Mate 20 Pro Firmware=9.0.0.245\(c10e10r2p1\)
Huawei Mate 20 Pro Firmware=9.0.0.266\(c432e10r1p16\)
Huawei Mate 20 Pro Firmware=9.0.0.267\(c636e10r2p1\)
Huawei Mate 20 Pro Firmware=9.0.0.268\(c635e12r1p16\)
Huawei Mate 20 Pro Firmware=9.0.0.278\(c185e10r2p1\)
HUAWEI Mate 20 Pro
Google Android=9.0.0.105\(c10e9r1p16\)
Google Android=9.0.0.105\(c185e9r1p16\)
Google Android=9.0.0.105\(c636e9r1p16\)
Huawei Hima-l29c
Huawei Laya-al00ep Firmware=9.1.0.139\(c786e133r3p1\)
Huawei Laya-al00ep
Huawei Oxfords-an00a Firmware=10.1.0.223\(c00e210r5p1\)
Huawei Oxfords-an00a
Huawei Tony-al00b Firmware=9.1.0.257\(c00e222r2p1\)
Huawei Tony-al00b

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2021-22440?

    CVE-2021-22440 is a path traversal vulnerability found in some Huawei products.

  • How does CVE-2021-22440 occur?

    CVE-2021-22440 occurs when the software uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but the software does not properly validate the input.

  • Which Huawei products are affected by CVE-2021-22440?

    Some affected Huawei products include Huawei Mate 20 Firmware (version 9.0.0.195(c01e195r2p1) and 9.1.0.139(c00e133r3p1)), Huawei Mate 20 Pro Firmware (versions 9.0.0.187(c432e10r1p16), 9.0.0.188(c185e10r2p1), 9.0.0.245(c10e10r2p1), 9.0.0.266(c432e10r1p16), 9.0.0.267(c636e10r2p1), 9.0.0.268(c635e12r1p16), and 9.0.0.278(c185e10r2p1)), Huawei Hima-l29c (versions 9.0.0.105(c10e9r1p16), 9.0.0.105(c185e9r1p16), and 9.0.0.105(c636e9r1p16)), Huawei Laya-al00ep (version 9.1.0.139(c786e133r3p1)), Huawei Oxfords-an00a (version 10.1.0.223(c00e210r5p1)), and Huawei Tony-al00b (version 9.1.0.257(c00e222r2p1)).

  • What is the severity of CVE-2021-22440?

    CVE-2021-22440 has a severity keyword of 'medium' and a severity value of 4.6.

  • How can I fix CVE-2021-22440?

    To fix CVE-2021-22440, it is recommended to apply the necessary security updates provided by Huawei.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203