Musicloud 1.6 Wi-Fi Transfer downfiles/cur-folder information disclosure

A vulnerability was discovered in Musicloud 1.6 (Cloud Software). It affects an unknown function in the Wi-Fi Transfer component. No countermeasures are known. Replacing the vulnerable component with an alternative product is suggested.

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 8744806 | 2020-05-10 | VulD... | discoverydate | 1550361600 | | 2020-05-10 | accepted | 100 |
| 8744855 | 2019-02-17 | VulD... | cvss3_nvd_basescore | 8.1 | nist.gov | 2019-02-17 | accepted | 90 |
| 8744854 | 2019-02-17 | VulD... | cvss3_vuldb_rc | X | | 2019-02-17 | accepted | 90 |
| 8744853 | 2019-02-17 | VulD... | cvss3_vuldb_rl | X | | 2019-02-17 | accepted | 90 |
| 8744852 | 2019-02-17 | VulD... | cvss3_vuldb_e | X | | 2019-02-17 | accepted | 90 |
| 8744851 | 2019-02-17 | VulD... | cvss2_vuldb_rc | ND | | 2019-02-17 | accepted | 90 |
| 8744850 | 2019-02-17 | VulD... | cvss2_vuldb_rl | ND | | 2019-02-17 | accepted | 90 |
| 8744849 | 2019-02-17 | VulD... | cvss2_vuldb_e | ND | | 2019-02-17 | accepted | 90 |
| 8744848 | 2019-02-17 | VulD... | cve_nvd_summary | A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file). | mitre.org | 2019-02-17 | accepted | 100 |
| 8744847 | 2019-02-17 | VulD... | cve_assigned | 1550275200 | mitre.org | 2019-02-17 | accepted | 100 |
| 8744846 | 2019-02-17 | VulD... | cve | CVE-2019-8389 | mitre.org | 2019-02-17 | accepted | 100 |
| 8744845 | 2019-02-17 | VulD... | price_0day | $0-$5k | see documentation | 2019-02-17 | accepted | 100 |
| 8744844 | 2019-02-17 | VulD... | date | 1550361600 (2019-02-17) | | 2019-02-17 | accepted | 100 |
| 8744843 | 2019-02-17 | VulD... | cvss3_nvd_a | N | nist.gov | 2019-02-17 | accepted | 100 |
| 8744842 | 2019-02-17 | VulD... | cvss3_nvd_i | H | nist.gov | 2019-02-17 | accepted | 100 |
| 8744841 | 2019-02-17 | VulD... | cvss3_nvd_c | H | nist.gov | 2019-02-17 | accepted | 100 |
| 8744840 | 2019-02-17 | VulD... | cvss3_nvd_s | U | nist.gov | 2019-02-17 | accepted | 100 |
| 8744839 | 2019-02-17 | VulD... | cvss3_nvd_ui | N | nist.gov | 2019-02-17 | accepted | 100 |
| 8744838 | 2019-02-17 | VulD... | cvss3_nvd_pr | N | nist.gov | 2019-02-17 | accepted | 100 |
| 8744837 | 2019-02-17 | VulD... | cvss3_nvd_ac | L | nist.gov | 2019-02-17 | accepted | 100 |
