There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename.
References
| Link | Resource |
|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-pathtraversal-en | Patch Vendor Advisory |
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-pathtraversal-en | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
21 Nov 2024, 06:14
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211020-01-pathtraversal-en - Patch, Vendor Advisory |
Information
Published : 2021-10-27 01:15
Updated : 2024-11-21 06:14
NVD link : CVE-2021-37130
Mitre link : CVE-2021-37130
CVE.ORG link : CVE-2021-37130
JSON object : View
Products Affected
huawei
- fusioncube
- fusioncube_firmware
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')