This vulnerability can be exploited only when the following conditions are present:
Attackers need to be able to install apps on devices.
Huawei Aslan Children's Watch does not properly verify the path transmitted in external input, leading to a path traversal vulnerability. An attacker who can install an app on the device can exploit this vulnerability by installing a malicious application. Successful exploitation may cause the attacker to access or modify protected system resources.
This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.