CVE-2017-15309

Publication date

2017-12-22 17:00:00

Family

huawei

State

PUBLISHED

Description

Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.