Xiaomi File Manager App Vulnerable to Path Traversal Attacks
CVE-2023-26321
9.8CRITICAL
Key Information:
- Vendor
- Xiaomi
- Status
- Xiaomi File Manager App International Version
- Vendor
- CVE Published:
- 28 August 2024
Summary
A path traversal vulnerability has been identified in the Xiaomi File Manager application. This security flaw occurs due to the presence of unfiltered special characters, which can be manipulated by attackers to gain unauthorized access. By exploiting this vulnerability, attackers could potentially overwrite files and execute arbitrary code, posing significant risks to users of the application. It is essential for users to remain vigilant and apply necessary security updates to mitigate potential threats associated with this vulnerability.
Affected Version(s)
Xiaomi File Manager App International Version Xiaomi File Manager App International Version
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved