CVE-2017-15309
HIGHHuawei iReader < 8.0.2.301 - Path Traversal via Insufficient File Storage Path Validation
Title source: llmDescription
Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en
Scores
CVSS v3
7.1
EPSS
0.0015
EPSS Percentile
34.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Details
CWE
CWE-22
Status
published
Products (2)
huawei/ireader
< 8.0.2.301
Huawei Technologies Co., Ltd./iReader
before 8.0.2.301
Published
Dec 22, 2017
Tracked Since
Feb 18, 2026