CVE-2021-37124
Description
There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to certain path.Affected product versions include:PC Smart Full Scene 11.1 versions PCManager 11.1.1.97.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Path traversal vulnerability in Huawei PCManager 11.1.1.97 allows attackers to write files to arbitrary paths via specially crafted file paths.
Vulnerability
A path traversal vulnerability exists in Huawei PCManager, part of PC Smart Full Scene 11.1. The product fails to filter special characters in file paths, enabling an attacker to construct a path with traversal sequences (e.g., ../). This allows writing a file to an unintended directory. Affected version: PCManager 11.1.1.97. [1]
Exploitation
An attacker must be able to supply a crafted file path to the vulnerable component. The exact attack vector is not detailed in the advisory, but it likely requires local access or the ability to trigger file operations. By embedding path traversal sequences, the attacker can redirect the file write operation outside the intended directory. [1]
Impact
Successful exploitation permits the attacker to transport (write) a file to an arbitrary path on the system. This could lead to overwriting critical system files, placing malicious executables in startup directories, or other actions that may result in privilege escalation or arbitrary code execution. [1]
Mitigation
Huawei has released a fix in PCManager 11.1.5.3. Users should update to this version. No workarounds are provided. The security advisory was published on 2021-10-08. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = 11.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20211008-01-share-enmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.