CVE-2020-9252
LOWHUAWEI Mate 20, Mate 20 X, Mate 20 RS, and Honor Magic2 Firmware - Path Traversal and Arbitrary File Write
Title source: llmDescription
HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-07-smartphone-en
Scores
CVSS v3
2.3
EPSS
0.0003
EPSS Percentile
9.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-22
Status
published
Products (4)
huawei/magic2_firmware
< 10.1.0.160\(c00e160r2p11\)
huawei/mate_20_firmware
< 10.1.0.160\(c00e160r3p8\)
huawei/mate_20_rs_firmware
< 10.1.0.160\(c786e160r3p8\)
huawei/mate_20_x_firmware
< 10.1.0.135\(c00e135r2p8\)
Published
Jul 17, 2020
Tracked Since
Feb 18, 2026