CVE-2017-2706
HIGHHuawei Mate 9 Firmware MHA-AL00AC00B125 - Path Traversal in Push Module
Title source: llmDescription
Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-01-push-en
Scores
CVSS v3
7.1
EPSS
0.0010
EPSS Percentile
26.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (2)
huawei/mate_9_firmware
< mha-al00ac00b125
Huawei Technologies Co., Ltd./Mate 9
MHA-AL00AC00B125
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026