Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for file_manager by mi

    CVE-2023-26321 (GCVE-0-2023-26321)

    Vulnerability from nvd – Published: 2024-08-28 07:51 – Updated: 2025-03-25 15:57
    VLAI
    Title
    The international version of Xiaomi File Manager has a path traversal vulnerability
    Summary
    A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • A path traversal vulnerability exists
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Xiaomi Xiaomi File Manager App International Version Affected: Xiaomi File Manager App International Version , ≤ V1-210567 (custom)
    Create a notification for this product.
    mi file_manager Affected: 0 , ≤ v1-210586 (custom)
        cpe:2.3:a:mi:file_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-02-08 07:41
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mi:file_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "file_manager",
                "vendor": "mi",
                "versions": [
                  {
                    "lessThanOrEqual": "v1-210586",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26321",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T13:39:58.176575Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T15:57:26.688Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Xiaomi File Manager App International Version",
              "vendor": "Xiaomi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "V1-210586",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "V1-210567",
                  "status": "affected",
                  "version": "Xiaomi File Manager App International Version",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-02-08T07:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eA path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Xiaomi File Manager App International Version V1-210567"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A path traversal vulnerability exists",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-28T07:51:28.809Z",
            "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
            "shortName": "Xiaomi"
          },
          "references": [
            {
              "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=541"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The international version of Xiaomi File Manager has a path traversal vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
        "assignerShortName": "Xiaomi",
        "cveId": "CVE-2023-26321",
        "datePublished": "2024-08-28T07:51:28.809Z",
        "dateReserved": "2023-02-22T16:59:28.183Z",
        "dateUpdated": "2025-03-25T15:57:26.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-26321 (GCVE-0-2023-26321)

    Vulnerability from cvelistv5 – Published: 2024-08-28 07:51 – Updated: 2025-03-25 15:57
    VLAI
    Title
    The international version of Xiaomi File Manager has a path traversal vulnerability
    Summary
    A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • A path traversal vulnerability exists
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Xiaomi Xiaomi File Manager App International Version Affected: Xiaomi File Manager App International Version , ≤ V1-210567 (custom)
    Create a notification for this product.
    mi file_manager Affected: 0 , ≤ v1-210586 (custom)
        cpe:2.3:a:mi:file_manager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-02-08 07:41
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mi:file_manager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "file_manager",
                "vendor": "mi",
                "versions": [
                  {
                    "lessThanOrEqual": "v1-210586",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26321",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T13:39:58.176575Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-22",
                    "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T15:57:26.688Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Xiaomi File Manager App International Version",
              "vendor": "Xiaomi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "V1-210586",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "V1-210567",
                  "status": "affected",
                  "version": "Xiaomi File Manager App International Version",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-02-08T07:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eA path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Xiaomi File Manager App International Version V1-210567"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A path traversal vulnerability exists",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-28T07:51:28.809Z",
            "orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
            "shortName": "Xiaomi"
          },
          "references": [
            {
              "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=541"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The international version of Xiaomi File Manager has a path traversal vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
        "assignerShortName": "Xiaomi",
        "cveId": "CVE-2023-26321",
        "datePublished": "2024-08-28T07:51:28.809Z",
        "dateReserved": "2023-02-22T16:59:28.183Z",
        "dateUpdated": "2025-03-25T15:57:26.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }