CVE-2017-2693

Published: Nov 22, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier versions,ALE-TL00C01B250 and earlier versions,ALE-UL00C00B250 and earlier versions,MT7-L09C605B325 and earlier versions,MT7-L09C900B339 and earlier versions,MT7-TL10C900B339 and earlier versions,CRR-CL00C92B172 and earlier versions,CRR-L09C432B180 and earlier versions,CRR-TL00C01B172 and earlier versions,CRR-UL00C00B172 and earlier versions,CRR-UL20C432B171 and earlier versions,GRA-CL00C92B230 and earlier versions,GRA-L09C432B222 and earlier versions,GRA-TL00C01B230SP01 and earlier versions,GRA-UL00C00B230 and earlier versions,GRA-UL00C10B201 and earlier versions,GRA-UL00C432B220 and earlier versions,H60-L04C10B523 and earlier versions,H60-L04C185B523 and earlier versions,H60-L04C636B527 and earlier versions,H60-L04C900B530 and earlier versions,PLK-AL10C00B220 and earlier versions,PLK-AL10C92B220 and earlier versions,PLK-CL00C92B220 and earlier versions,PLK-L01C10B140 and earlier versions,PLK-L01C185B130 and earlier versions,PLK-L01C432B187 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C432B190 and earlier versions,PLK-L01C636B130 and earlier versions,PLK-TL00C01B220 and earlier versions,PLK-TL01HC01B220 and earlier versions,PLK-UL00C17B220 and earlier versions,ATH-AL00C00B210 and earlier versions,ATH-AL00C92B200 and earlier versions,ATH-CL00C92B210 and earlier versions,ATH-TL00C01B210 and earlier versions,ATH-TL00HC01B210 and earlier versions,ATH-UL00C00B210 and earlier versions,RIO-AL00C00B220 and earlier versions,RIO-CL00C92B220 and earlier versions,RIO-TL00C01B220 and earlier versions,RIO-UL00C00B220 and earlier versions have a path traversal vulnerability. An attacker may exploit it to decompress malicious files into a target path.

Affected (49)

Products: Huawei: P8 Lite Firmware, Mate 7 Firmware, Mate S Firmware, P8 Firmware, Honor 6 Firmware, Honor 7 Firmware, Shotx Firmware, G8 Firmware

8 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Up to ale-l02c635b140

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Up to ale-l02c636b140

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Up to ale-l21c10b150

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Up to ale-l21c185b200

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Up to ale-l21c432b214

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Up to ale-l21c464b150

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Up to ale-l21c636b200

Configuration H

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Up to ale-l23c605b190

Configuration I

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Up to ale-tl00c01b250

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P8 Lite Firmware	Up to ale-ul00c00b250.

Running on/with	Platform Versions
Huawei P8 Lite	All versions

Configuration K

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate 7 Firmware	Up to mt7-l09c605b325

Configuration L

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate 7 Firmware	Up to mt7-l09c900b339

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Mate 7 Firmware	Up to mt7-tl10c900b339

Running on/with	Platform Versions
Huawei Mate 7	All versions

Configuration N

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate S Firmware	Up to crr-cl00c92b172

Configuration O

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate S Firmware	Up to crr-l09c432b180

Configuration P

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate S Firmware	Up to crr-tl00c01b172

Configuration Q

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Mate S Firmware	Up to crr-ul00c00b172

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Mate S Firmware	Up to crr-ul20c432b171

Running on/with	Platform Versions
Huawei Mate S	All versions

Configuration S

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Firmware	Up to gra-cl00c92b230

Configuration T

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Firmware	Up to gra-l09c432b222

Configuration U

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Firmware	Up to gra-tl00c01b230sp01

Configuration V

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Firmware	Up to gra-ul00c00b230

Configuration W

1 vulnerable

Vulnerable Software	Affected Versions
Huawei P8 Firmware	Up to gra-ul00c10b201

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei P8 Firmware	Up to gra-ul00c432b220

Running on/with	Platform Versions
Huawei P8	All versions

Configuration Y

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 6 Firmware	Up to h60-l04c10b523

Configuration Z

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 6 Firmware	Up to h60-l04c185b523

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 6 Firmware	Up to h60-l04c636b527

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Honor 6 Firmware	Up to h60-l04c900b530

Running on/with	Platform Versions
Huawei Honor 6	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 7 Firmware	Up to plk-al10c00b220

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 7 Firmware	Up to plk-al10c92b220

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 7 Firmware	Up to plk-cl00c92b220

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 7 Firmware	Up to plk-l01c10b140

Configuration H

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 7 Firmware	Up to plk-l01c432b187

Configuration I

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 7 Firmware	Up to plk-l01c432b190

Configuration J

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 7 Firmware	Up to plk-l01c636b130

Configuration K

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 7 Firmware	Up to plk-tl00c01b220

Configuration L

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Honor 7 Firmware	Up to plk-tl01hc01b220

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Honor 7 Firmware	Up to plk-ul00c17b220

Running on/with	Platform Versions
Huawei Honor 7	All versions

Configuration N

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Shotx Firmware	Up to ath-al00c92b200

Configuration O

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Shotx Firmware	Up to ath-cl00c92b210

Configuration P

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Shotx Firmware	Up to ath-tl00c01b210

Configuration Q

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Shotx Firmware	Up to ath-tl00hc01b210

Configuration R

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Shotx Firmware	Up to ath-ul00c00b210

Configuration S

1 vulnerable

Vulnerable Software	Affected Versions
Huawei Shotx Firmware	Up to rio-al00c00b220

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Shotx Firmware	Up to ath-al00c00b210

Running on/with	Platform Versions
Huawei Shotx	All versions

Configuration U

1 vulnerable

Vulnerable Software	Affected Versions
Huawei G8 Firmware	Up to rio-al00c00b220

Configuration V

1 vulnerable

Vulnerable Software	Affected Versions
Huawei G8 Firmware	Up to rio-cl00c92b220

Configuration W

1 vulnerable

Vulnerable Software	Affected Versions
Huawei G8 Firmware	Up to rio-tl00c01b220

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei G8 Firmware	Up to rio-ul00c00b220

Running on/with	Platform Versions
Huawei G8	All versions

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en

Source: psirt@huawei.com

Issue TrackingVendor Advisory

http://www.securityfocus.com/bid/95919

Source: psirt@huawei.com

Third Party AdvisoryVDB Entry

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-emui-en

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

http://www.securityfocus.com/bid/95919

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.