CVE-2023-26321

Published: Aug 28, 2024Modified: Mar 25, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.

Affected (1)

Products: Mi: File Manager

1 product

File Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mi File Manager	Version 1-210567

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (1)

https://trust.mi.com/misrc/bulletins/advisory?cveId=541

Source: security@xiaomi.com

Vendor Advisory

Timeline

No history available yet.