High severity7.1NVD Advisory· Published Nov 22, 2017· Updated May 13, 2026

CVE-2017-2706

Description

Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service.

Affected products

Huawei/Mate 9 Firmware
cpe:2.3:o:huawei:mate_9_firmware:*:*:*:*:*:*:*:*
Range: <=mha-al00ac00b125
Huawei Technologies Co., Ltd./Mate 9v5
Range: MHA-AL00AC00B125

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-01-push-ennvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000