Path Traversal in Huawei Hima-l29c
CVE-2021-22440
There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restri…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.002 (11.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.6 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Huawei Hima-l29c
- Huawei Hima-l29c_firmware — versions 9.0.0.105\(c10e9r1p16\), 9.0.0.105\(c185e9r1p16\), 9.0.0.105\(c636e9r1p16\)
- Huawei Laya-al00ep
- Huawei Laya-al00ep_firmware — versions 9.1.0.139\(c786e133r3p1\)
- Huawei Mate_20
- Huawei Mate_20_firmware — versions 9.0.0.195\(c01e195r2p1\), 9.1.0.139\(c00e133r3p1\)
- Huawei Mate_20_pro
- Huawei Mate_20_pro_firmware — versions 9.0.0.187\(c432e10r1p16\), 9.0.0.188\(c185e10r2p1\), 9.0.0.245\(c10e10r2p1\)
- Huawei Oxfords-an00a
- Huawei Oxfords-an00a_firmware — versions 10.1.0.223\(c00e210r5p1\)
Weakness classification (CWE)
References
- psirt@huawei.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2021-22440?
- CVE-2021-22440 is a medium-severity vulnerability in Huawei Hima-l29c, classified under Path Traversal. CVSS score: 4.6/10. Published 2021-07-13.
- How severe is CVE-2021-22440?
- Medium severity. CVSS v3 base score is 4.6 out of 10.