CVE-2021-44124

{"id": "CVE-2021-44124", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-03-28T16:15:08.240", "references": [{"url": "https://github.com/feric/Findings/tree/main/Hiby/Web%20Server/Path%20Traversal", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/vext01/hiby-issues/issues/9#issuecomment-907891626", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/feric/Findings/tree/main/Hiby/Web%20Server/Path%20Traversal", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/vext01/hiby-issues/issues/9#issuecomment-907891626", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does not have enough input data sanitization when shown data from SD Card, an attacker can navigate through the device's File System over HTTP."}, {"lang": "es", "value": "Hiby Music Hiby OS R3 Pro versiones 1.5 y 1.6, es vulnerable a un Salto de Directorio. El servidor HTTP no presenta suficiente saneo de datos de entrada cuando son mostrados datos de la tarjeta SD, un atacante puede navegar mediante el sistema de archivos del dispositivo a trav\u00e9s de HTTP"}], "lastModified": "2024-11-21T06:30:24.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hiby:r3_pro_firmware:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "360F76DC-ADEC-4874-9193-9637512451AA"}, {"criteria": "cpe:2.3:o:hiby:r3_pro_firmware:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55858C47-5A39-4578-A977-3825DABF1A39"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hiby:r3_pro:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8654EDB-EDC3-4185-8844-076139DD5260"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}