CVE-2012-5969
Huawei E585 - Path Traversal via PATH_INFO or req_page Parameter
Title source: llmDescription
Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbitrary files via a .. (dot dot) in the req_page parameter to en/sms.cgi.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/871148
Scores
EPSS
0.0007
EPSS Percentile
21.2%
Details
CWE
CWE-22
Status
published
Products (2)
huawei/e585
huawei/e585u-82
Published
Dec 19, 2012
Tracked Since
Feb 18, 2026