Japan Vulnerability NotesJVN:98115035JVN#98115035: Android App "ELECOM File Manager" vulnerable to directory traversal
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
0.003 Low
EPSS
Percentile
68.1%
Android App “ELECOM File Manager” provided by ELECOM CO.,LTD. contains a directory traversal vulnerability (CWE-22) due to a flaw in the processing of the filenames when extracting the compressed files.
Impact
A remote attacker may create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges.
Solution
Stop using Android App “ELECOM File Manager”
The developer states the product is no longer supported, therefore stop using the product.
According to developer, ELECOM EXtorage Link, the successor to ELECOM File Manager, is not affected by this vulnerability and users are recommended to use ELECOM EXtorage Link.
Products Affected
- Android App “ELECOM File Manager” all versions
Related
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
0.003 Low
EPSS
Percentile
68.1%