CVE-2020-9252

HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path.

Published: Jul 18, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-9252
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.3
AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
huawei / mate_20_firmware	-	10.1.0.160\(c00e160r3p8\)
huawei / mate_20_x_firmware	-	10.1.0.135\(c00e135r2p8\)
huawei / mate_20_rs_firmware	-	10.1.0.160\(c786e160r3p8\)
huawei / magic2_firmware	-	10.1.0.160\(c00e160r2p11\)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-07-smartphone-en

Vulnerability Database

289,697

CVE-2020-9252