CVE-2023-26321

A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://trust.mi.com/misrc/bulletins/advisory?cveId=541	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mi:file_manager:1-210567:*:*:*:*:*:*:*

History

12 Sep 2024, 16:29

Type	Values Removed	Values Added
CPE		cpe:2.3:a:mi:file_manager:1-210567:::::::*
First Time		Mi file Manager Mi
CWE		CWE-22
CVSS	v2 : ~~unknown~~ v3 : ~~6.3~~	v2 : unknown v3 : 9.8
References	~~() https://trust.mi.com/misrc/bulletins/advisory?cveId=541 -~~	() https://trust.mi.com/misrc/bulletins/advisory?cveId=541 - Vendor Advisory

28 Aug 2024, 12:57

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de path traversal en el producto de la aplicación Xiaomi File Manager (versión internacional). La vulnerabilidad es causada por caracteres especiales sin filtrar y los atacantes pueden aprovecharla para sobrescribir y ejecutar código en el archivo.

28 Aug 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-28 08:15

Updated : 2024-09-12 16:29

NVD link : CVE-2023-26321

Mitre link : CVE-2023-26321

CVE.ORG link : CVE-2023-26321

JSON object : View

Products Affected

file_manager

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

9.8 /10