CVE-2019-5221
Description
There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path, an attacker could crafted a file path when transporting file through Huawei Share, successful exploit could allow the attacker to transport a file to arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1), and versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Path traversal vulnerability in Huawei Share allows file transfer to arbitrary paths on affected Mate 20 X devices.
Vulnerability
A path traversal vulnerability exists in Huawei Share on Mate 20 X devices. The software fails to properly validate file paths when transporting files, allowing an attacker to specify arbitrary paths. Affected versions include Mate 20 X with Ever-L29B versions earlier than 9.1.0.300(C432E3R1P12), earlier than 9.1.0.300(C636E3R2P1), and earlier than 9.1.0.300(C185E3R3P1) [1].
Exploitation
An attacker who can send a file via Huawei Share (typically over local network) can craft a malicious file path. No authentication is explicitly required beyond being able to initiate a file transfer. The attacker exploits the lack of path validation to write a file to an arbitrary location on the device.
Impact
Successful exploitation allows the attacker to transport a file to any writable path on the phone. This could lead to overwriting critical system files, causing denial of service, privilege escalation, or persistent unauthorized access, depending on the file's content and destination.
Mitigation
Huawei has released software updates to fix this vulnerability. Users should update to the following resolved versions: Ever-L29B 9.1.0.300(C432E3R1P12), Ever-L29B 9.1.0.300(C636E3R2P1), or Ever-L29B 9.1.0.300(C185E3R3P1) as appropriate [1]. No workarounds are mentioned.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Huawei/Mate 20 Xv5Range: Versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20190703-01-share-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.