7.8
CVE-2017-2693
- EPSS 0.24%
- Published 22.11.2017 19:29:00
- Last modified 20.04.2025 01:37:25
- Source psirt@huawei.com
- Teams watchlist Login
- Open Login
ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a path traversal vulnerability. An attacker may exploit it to decompress malicious files into a target path.
Data is provided by the National Vulnerability Database (NVD)
Huawei ≫ P8 Lite Firmware Version <= ale-l02c635b140
Huawei ≫ P8 Lite Firmware Version <= ale-l02c636b140
Huawei ≫ P8 Lite Firmware Version <= ale-l21c10b150
Huawei ≫ P8 Lite Firmware Version <= ale-l21c185b200
Huawei ≫ P8 Lite Firmware Version <= ale-l21c432b214
Huawei ≫ P8 Lite Firmware Version <= ale-l21c464b150
Huawei ≫ P8 Lite Firmware Version <= ale-l21c636b200
Huawei ≫ P8 Lite Firmware Version <= ale-l23c605b190
Huawei ≫ P8 Lite Firmware Version <= ale-tl00c01b250
Huawei ≫ P8 Lite Firmware Version <= ale-ul00c00b250.
Huawei ≫ Mate 7 Firmware Version <= mt7-l09c605b325
Huawei ≫ Mate 7 Firmware Version <= mt7-l09c900b339
Huawei ≫ Mate 7 Firmware Version <= mt7-tl10c900b339
Huawei ≫ Mate S Firmware Version <= crr-cl00c92b172
Huawei ≫ Mate S Firmware Version <= crr-l09c432b180
Huawei ≫ Mate S Firmware Version <= crr-tl00c01b172
Huawei ≫ Mate S Firmware Version <= crr-ul00c00b172
Huawei ≫ Mate S Firmware Version <= crr-ul20c432b171
Huawei ≫ P8 Firmware Version <= gra-cl00c92b230
Huawei ≫ P8 Firmware Version <= gra-l09c432b222
Huawei ≫ P8 Firmware Version <= gra-tl00c01b230sp01
Huawei ≫ P8 Firmware Version <= gra-ul00c00b230
Huawei ≫ P8 Firmware Version <= gra-ul00c10b201
Huawei ≫ P8 Firmware Version <= gra-ul00c432b220
Huawei ≫ Honor 6 Firmware Version <= h60-l04c10b523
Huawei ≫ Honor 6 Firmware Version <= h60-l04c185b523
Huawei ≫ Honor 6 Firmware Version <= h60-l04c636b527
Huawei ≫ Honor 6 Firmware Version <= h60-l04c900b530
Huawei ≫ Honor 7 Firmware Version <= plk-al10c00b220
Huawei ≫ Honor 7 Firmware Version <= plk-al10c92b220
Huawei ≫ Honor 7 Firmware Version <= plk-cl00c92b220
Huawei ≫ Honor 7 Firmware Version <= plk-l01c10b140
Huawei ≫ Honor 7 Firmware Version <= plk-l01c10b140
Huawei ≫ Honor 7 Firmware Version <= plk-l01c432b187
Huawei ≫ Honor 7 Firmware Version <= plk-l01c432b190
Huawei ≫ Honor 7 Firmware Version <= plk-l01c636b130
Huawei ≫ Honor 7 Firmware Version <= plk-tl00c01b220
Huawei ≫ Honor 7 Firmware Version <= plk-tl01hc01b220
Huawei ≫ Honor 7 Firmware Version <= plk-ul00c17b220
Huawei ≫ Shotx Firmware Version <= ath-al00c92b200
Huawei ≫ Shotx Firmware Version <= ath-cl00c92b210
Huawei ≫ Shotx Firmware Version <= ath-tl00c01b210
Huawei ≫ Shotx Firmware Version <= ath-tl00hc01b210
Huawei ≫ Shotx Firmware Version <= ath-ul00c00b210
Huawei ≫ Shotx Firmware Version <= rio-al00c00b220
Huawei ≫ Shotx Firmware Version <= ath-al00c00b210
Huawei ≫ G8 Firmware Version <= rio-al00c00b220
Huawei ≫ G8 Firmware Version <= rio-cl00c92b220
Huawei ≫ G8 Firmware Version <= rio-tl00c01b220
Huawei ≫ G8 Firmware Version <= rio-ul00c00b220
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.44 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.