diff --git a/hw_diag/utilities/quectel.py b/hw_diag/utilities/quectel.py
index 6f22ea9f..ea50904b 100644
--- a/hw_diag/utilities/quectel.py
+++ b/hw_diag/utilities/quectel.py
@@ -85,7 +85,26 @@ def download_and_extract(url: str, file_path: str, file_hash: str) -> None:
     # sonar raises warning here for integrity check, in our case it doesn't hold
     # integrity is always checked when file is downloaded, thus NOSONAR
     with tarfile.open(file_path, "r:gz") as tar:  # NOSONAR
-        tar.extractall(FW_STORE_PATH)
+        def is_within_directory(directory, target):
+            
+            abs_directory = os.path.abspath(directory)
+            abs_target = os.path.abspath(target)
+        
+            prefix = os.path.commonprefix([abs_directory, abs_target])
+            
+            return prefix == abs_directory
+        
+        def safe_extract(tar, path=".", members=None, *, numeric_owner=False):
+        
+            for member in tar.getmembers():
+                member_path = os.path.join(path, member.name)
+                if not is_within_directory(path, member_path):
+                    raise Exception("Attempted Path Traversal in Tar File")
+        
+            tar.extractall(path, members, numeric_owner=numeric_owner) 
+            
+        
+        safe_extract(tar, FW_STORE_PATH)
     os.remove(file_path)