This article is a part of our Vulnerability Database (back to index)
Path Traversal occurrences in Harmonyos
The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure. (2022-09-16, CVE-2022-39001)
HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. (2022-01-10, CVE-2021-40003)
The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable. (2022-01-10, CVE-2021-40001)
Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause the directory is traversed. (2022-01-03, CVE-2021-37126)
HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this vulnerability may create any file with the system app permission. (2022-01-03, CVE-2021-39970)
HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may write any file. (2022-01-03, CVE-2021-37128)
There is a Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to arbitrary file created. (2021-12-07, CVE-2021-37064)
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers can create arbitrary file. (2021-12-07, CVE-2021-37087)
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers can write any content to any file. (2021-12-07, CVE-2021-37088)
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to delete any file. (2021-12-07, CVE-2021-37099)
There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause media files which can be reads and writes in non-distributed directories on any device on the network.. (2021-11-23, CVE-2021-37023)
Why Path Traversal can be dangerous
Relative Path Confusion means that your web server is configured to serve responses to ambiguous URLs. This configuration can possibly cause confusion about the correct relative path for the URL. It is also an issue of resources, such as images, styles etc., which are specified in the response using relative path, not the absolute URL.
If the web browser permits to parse "cross-content" response, the attacker may be able to fool the web browser into interpreting HTML into other content types, which can then lead to a cross site scripting attack (link do XSS).