CVE-2014-9282

Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary files via a crafted filename.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://jvn.jp/en/jp/JVN42768331/index.html	Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000023	Vendor Advisory
http://jvn.jp/en/jp/JVN42768331/index.html	Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000023	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:speed_software:explorer::::::::
	cpe:2.3:a:speed_software:root_explorer::::::::

History

21 Nov 2024, 02:20

Type	Values Removed	Values Added
References	~~() http://jvn.jp/en/jp/JVN42768331/index.html - Vendor Advisory~~	() http://jvn.jp/en/jp/JVN42768331/index.html - Vendor Advisory
References	~~() http://jvndb.jvn.jp/jvndb/JVNDB-2015-000023 - Vendor Advisory~~	() http://jvndb.jvn.jp/jvndb/JVNDB-2015-000023 - Vendor Advisory

Information

Published : 2015-02-24 20:59

Updated : 2024-11-21 02:20

NVD link : CVE-2014-9282

Mitre link : CVE-2014-9282

CVE.ORG link : CVE-2014-9282

JSON object : View

Products Affected

speed_software

root_explorer
explorer

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2014-9282", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-02-24T20:59:02.503", "references": [{"url": "http://jvn.jp/en/jp/JVN42768331/index.html", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000023", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "http://jvn.jp/en/jp/JVN42768331/index.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000023", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Speed Root Explorer application before 3.2 for Android and the Speed Explorer application before 2.2 for Android allows remote attackers to write to arbitrary files via a crafted filename."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la aplicaci\u00f3n Speed Root Explorer anterior a 3.2 para Android y la aplicaci\u00f3n Speed Explorer anterior a 2.2 para Android permite a atacantes remotos escribir a ficheros arbitrarios a trav\u00e9s de un nombre de ficheros manipulado."}], "lastModified": "2024-11-21T02:20:33.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:speed_software:explorer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7203B3D1-4E96-4278-8E51-F810C675BCAF", "versionEndIncluding": "2.1.5"}, {"criteria": "cpe:2.3:a:speed_software:root_explorer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45D5DD44-F14E-4542-9907-A84020865219", "versionEndIncluding": "3.1"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}