CVE-2019-6447

Published: Jan 16, 2019Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.

Affected (1)

Products: Estrongs: Es File Explorer File Manager

1 product

Es File Explorer File Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Estrongs Es File Explorer File Manager	Up to 4.1.9.7.4

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (6)

http://packetstormsecurity.com/files/163303/ES-File-Explorer-4.1.9.7.4-Arbitrary-File-Read.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://github.com/fs0c131y/ESFileExplorerOpenPortVuln

Source: cve@mitre.org

ExploitThird Party Advisory

https://twitter.com/fs0c131y/status/1085460755313508352

Source: cve@mitre.org

Third Party Advisory

http://packetstormsecurity.com/files/163303/ES-File-Explorer-4.1.9.7.4-Arbitrary-File-Read.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://github.com/fs0c131y/ESFileExplorerOpenPortVuln

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://twitter.com/fs0c131y/status/1085460755313508352

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.