Musicloud 1.6 Wi-Fi Transfer downfiles/cur-folder information disclosure


A vulnerability was found in Musicloud 1.6 (Cloud Software). Affected is an unknown function of the component Wi-Fi Transfer. No countermeasures are known. It is suggested to replace the affected component with an alternative product.

Field | 2019-02-17 10:24 AM | 2020-05-10 09:30 PM
type | Cloud Software | Cloud Software
name | Musicloud | Musicloud
version | 1.6 | 1.6
component | Wi-Fi Transfer | Wi-Fi Transfer
argument | downfiles/cur-folder | downfiles/cur-folder
input_type | POST Parameter | POST Parameter
input_value | ../../
cwe | 200 (information disclosure) | 200 (information disclosure)
risk | 2 | 2
historic | 0 | 0
cvss2_vuldb_basescore | 3.3 | 3.3
cvss2_vuldb_tempscore | 3.3 | 3.3
cvss2_vuldb_av | A | A
cvss2_vuldb_ac | L | L
cvss2_vuldb_au | N | N
cvss2_vuldb_ci | P | P
cvss2_vuldb_ii | N | N
cvss2_vuldb_ai | N | N
cvss2_nvd_av | A | A
cvss2_nvd_ac | L | L
cvss2_nvd_au | N | N
cvss2_nvd_ci | P | P
cvss2_nvd_ii | P | P
cvss2_nvd_ai | N | N
cvss3_meta_basescore | 6.2 | 6.2
cvss3_meta_tempscore | 6.2 | 6.2
cvss3_vuldb_basescore | 4.3 | 4.3
cvss3_vuldb_tempscore | 4.3 | 4.3
cvss3_vuldb_av | A | A
cvss3_vuldb_ac | L | L
cvss3_vuldb_pr | N | N
cvss3_vuldb_ui | N | N
cvss3_vuldb_s | U | U
cvss3_vuldb_c | L | L
cvss3_vuldb_i | N | N
cvss3_vuldb_a | N | N
cvss3_nvd_av | A | A
cvss3_nvd_ac | L | L
cvss3_nvd_pr | N | N
cvss3_nvd_ui | N | N
cvss3_nvd_s | U | U
cvss3_nvd_c | H | H
cvss3_nvd_i | H | H
cvss3_nvd_a | N | N
date | 1550361600 (2019-02-17) | 1550361600 (2019-02-17)
price_0day | $0-$5k | $0-$5k
cve | CVE-2019-8389 | CVE-2019-8389
cve_assigned | 1550275200 | 1550275200
cve_nvd_summary | A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file). | A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file).
cvss2_vuldb_e | ND | ND
cvss2_vuldb_rl | ND | ND
cvss2_vuldb_rc | ND | ND
cvss3_vuldb_e | X | X
cvss3_vuldb_rl | X | X
cvss3_vuldb_rc | X | X
cvss3_nvd_basescore | 8.1 | 8.1
discoverydate | 1550361600
