CVE-2017-2693

Published: Nov 22, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-11836 Aliases: GSD-2017-2693
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM 6,8
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a path traversal vulnerability. An attacker may exploit it to decompress malicious files into a target path.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0024
Percentile
0,5th
Updated

EPSS Score Trend (Last 91 Days)

22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies: AI/ML
Likelihood of Exploit: High
View CWE Details
Operating System

Mate S Firmware by Huawei

Product Information
Vendor Huawei
Product Mate S Firmware
Version Range Affected
To crr-tl00c01b172 (inclusive)
cpe:2.3:o:huawei:mate_s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Lite Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Lite Firmware
Version Range Affected
To ale-l21c432b214 (inclusive)
cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Mate S Firmware by Huawei

Product Information
Vendor Huawei
Product Mate S Firmware
Version Range Affected
To crr-l09c432b180 (inclusive)
cpe:2.3:o:huawei:mate_s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 7 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 7 Firmware
Version Range Affected
To plk-al10c00b220 (inclusive)
cpe:2.3:o:huawei:honor_7_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 7 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 7 Firmware
Version Range Affected
To plk-tl01hc01b220 (inclusive)
cpe:2.3:o:huawei:honor_7_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

G8 Firmware by Huawei

Product Information
Vendor Huawei
Product G8 Firmware
Version Range Affected
To rio-tl00c01b220 (inclusive)
cpe:2.3:o:huawei:g8_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

G8 Firmware by Huawei

Product Information
Vendor Huawei
Product G8 Firmware
Version Range Affected
To rio-ul00c00b220 (inclusive)
cpe:2.3:o:huawei:g8_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 7 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 7 Firmware
Version Range Affected
To plk-l01c432b187 (inclusive)
cpe:2.3:o:huawei:honor_7_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Firmware
Version Range Affected
To gra-ul00c00b230 (inclusive)
cpe:2.3:o:huawei:p8_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

G8 Firmware by Huawei

Product Information
Vendor Huawei
Product G8 Firmware
Version Range Affected
To rio-al00c00b220 (inclusive)
cpe:2.3:o:huawei:g8_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 7 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 7 Firmware
Version Range Affected
To plk-ul00c17b220 (inclusive)
cpe:2.3:o:huawei:honor_7_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Lite Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Lite Firmware
Version Range Affected
To ale-l21c10b150 (inclusive)
cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Firmware
Version Range Affected
To gra-ul00c10b201 (inclusive)
cpe:2.3:o:huawei:p8_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Mate 7 Firmware by Huawei

Product Information
Vendor Huawei
Product Mate 7 Firmware
Version Range Affected
To mt7-l09c605b325 (inclusive)
cpe:2.3:o:huawei:mate_7_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 7 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 7 Firmware
Version Range Affected
To plk-l01c432b190 (inclusive)
cpe:2.3:o:huawei:honor_7_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Mate 7 Firmware by Huawei

Product Information
Vendor Huawei
Product Mate 7 Firmware
Version Range Affected
To mt7-tl10c900b339 (inclusive)
cpe:2.3:o:huawei:mate_7_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 7 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 7 Firmware
Version Range Affected
To plk-l01c636b130 (inclusive)
cpe:2.3:o:huawei:honor_7_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Mate S Firmware by Huawei

Product Information
Vendor Huawei
Product Mate S Firmware
Version Range Affected
To crr-cl00c92b172 (inclusive)
cpe:2.3:o:huawei:mate_s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Firmware
Version Range Affected
To gra-l09c432b222 (inclusive)
cpe:2.3:o:huawei:p8_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 6 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 6 Firmware
Version Range Affected
To h60-l04c636b527 (inclusive)
cpe:2.3:o:huawei:honor_6_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Lite Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Lite Firmware
Version Range Affected
To ale-l02c635b140 (inclusive)
cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Lite Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Lite Firmware
Version Range Affected
To ale-l21c636b200 (inclusive)
cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Lite Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Lite Firmware
Version Range Affected
To ale-l23c605b190 (inclusive)
cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Shotx Firmware by Huawei

Product Information
Vendor Huawei
Product Shotx Firmware
Version Range Affected
To ath-tl00c01b210 (inclusive)
cpe:2.3:o:huawei:shotx_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Lite Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Lite Firmware
Version Range Affected
To ale-l21c464b150 (inclusive)
cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Lite Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Lite Firmware
Version Range Affected
To ale-l02c636b140 (inclusive)
cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Firmware
Version Range Affected
To gra-cl00c92b230 (inclusive)
cpe:2.3:o:huawei:p8_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Firmware
Version Range Affected
To gra-ul00c432b220 (inclusive)
cpe:2.3:o:huawei:p8_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 7 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 7 Firmware
Version Range Affected
To plk-al10c92b220 (inclusive)
cpe:2.3:o:huawei:honor_7_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Lite Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Lite Firmware
Version Range Affected
To ale-l21c185b200 (inclusive)
cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 6 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 6 Firmware
Version Range Affected
To h60-l04c10b523 (inclusive)
cpe:2.3:o:huawei:honor_6_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Shotx Firmware by Huawei

Product Information
Vendor Huawei
Product Shotx Firmware
Version Range Affected
To ath-al00c92b200 (inclusive)
cpe:2.3:o:huawei:shotx_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Mate 7 Firmware by Huawei

Product Information
Vendor Huawei
Product Mate 7 Firmware
Version Range Affected
To mt7-l09c900b339 (inclusive)
cpe:2.3:o:huawei:mate_7_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 7 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 7 Firmware
Version Range Affected
To plk-tl00c01b220 (inclusive)
cpe:2.3:o:huawei:honor_7_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Shotx Firmware by Huawei

Product Information
Vendor Huawei
Product Shotx Firmware
Version Range Affected
To ath-al00c00b210 (inclusive)
cpe:2.3:o:huawei:shotx_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Shotx Firmware by Huawei

Product Information
Vendor Huawei
Product Shotx Firmware
Version Range Affected
To ath-ul00c00b210 (inclusive)
cpe:2.3:o:huawei:shotx_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 6 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 6 Firmware
Version Range Affected
To h60-l04c900b530 (inclusive)
cpe:2.3:o:huawei:honor_6_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Lite Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Lite Firmware
Version Range Affected
To ale-tl00c01b250 (inclusive)
cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 6 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 6 Firmware
Version Range Affected
To h60-l04c185b523 (inclusive)
cpe:2.3:o:huawei:honor_6_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Firmware
Version Range Affected
To gra-tl00c01b230sp01 (inclusive)
cpe:2.3:o:huawei:p8_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Shotx Firmware by Huawei

Product Information
Vendor Huawei
Product Shotx Firmware
Version Range Affected
To rio-al00c00b220 (inclusive)
cpe:2.3:o:huawei:shotx_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

P8 Lite Firmware by Huawei

Product Information
Vendor Huawei
Product P8 Lite Firmware
Version Range Affected
To ale-ul00c00b250. (inclusive)
cpe:2.3:o:huawei:p8_lite_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Shotx Firmware by Huawei

Product Information
Vendor Huawei
Product Shotx Firmware
Version Range Affected
To ath-cl00c92b210 (inclusive)
cpe:2.3:o:huawei:shotx_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 7 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 7 Firmware
Version Range Affected
To plk-l01c10b140 (inclusive)
cpe:2.3:o:huawei:honor_7_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Honor 7 Firmware by Huawei

Product Information
Vendor Huawei
Product Honor 7 Firmware
Version Range Affected
To plk-cl00c92b220 (inclusive)
cpe:2.3:o:huawei:honor_7_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Shotx Firmware by Huawei

Product Information
Vendor Huawei
Product Shotx Firmware
Version Range Affected
To ath-tl00hc01b210 (inclusive)
cpe:2.3:o:huawei:shotx_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Mate S Firmware by Huawei

Product Information
Vendor Huawei
Product Mate S Firmware
Version Range Affected
To crr-ul00c00b172 (inclusive)
cpe:2.3:o:huawei:mate_s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Mate S Firmware by Huawei

Product Information
Vendor Huawei
Product Mate S Firmware
Version Range Affected
To crr-ul20c432b171 (inclusive)
cpe:2.3:o:huawei:mate_s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

G8 Firmware by Huawei

Product Information
Vendor Huawei
Product G8 Firmware
Version Range Affected
To rio-cl00c92b220 (inclusive)
cpe:2.3:o:huawei:g8_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://www.huawei.com/en/psirt/security-advisories/huawei-s…
Issue Tracking Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en
http://www.securityfocus.com/bid/95919
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/95919
http://www.huawei.com/en/psirt/security-advisories/huawei-s…
Issue Tracking Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en
http://www.securityfocus.com/bid/95919
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/95919