CVE-2023-26321

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-26321
A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.4 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://trust.mi.com/misrc/bulletins/advisory?cveId=541 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mi:file_manager:1-210567:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-08-28 08:15

Updated : 2025-03-25 16:15

NVD link : CVE-2023-26321

Mitre link : CVE-2023-26321

CVE.ORG link : CVE-2023-26321

JSON object : View

Products Affected

mi

  • file_manager
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')