CVE-2023-26321

Published Aug 28, 2024

Last updated 2 months ago

CVSS medium 6.3

Overview

Description: A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.
Source: security@xiaomi.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-22
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mi:file_manager:1-210567:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8010BDED-A28F-468D-A92C-3D2FAF09D29A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.