Search criteria
3 vulnerabilities found for file_manager by mi
FKIE_CVE-2023-26321
Vulnerability from fkie_nvd - Published: 2024-08-28 08:15 - Updated: 2025-03-25 16:15
Severity ?
6.3 (Medium) - CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.
References
| URL | Tags | ||
|---|---|---|---|
| security@xiaomi.com | https://trust.mi.com/misrc/bulletins/advisory?cveId=541 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mi | file_manager | 1-210567 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mi:file_manager:1-210567:*:*:*:*:*:*:*",
"matchCriteriaId": "8010BDED-A28F-468D-A92C-3D2FAF09D29A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de path traversal en el producto de la aplicaci\u00f3n Xiaomi File Manager (versi\u00f3n internacional). La vulnerabilidad es causada por caracteres especiales sin filtrar y los atacantes pueden aprovecharla para sobrescribir y ejecutar c\u00f3digo en el archivo."
}
],
"id": "CVE-2023-26321",
"lastModified": "2025-03-25T16:15:16.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.4,
"impactScore": 5.9,
"source": "security@xiaomi.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-28T08:15:06.083",
"references": [
{
"source": "security@xiaomi.com",
"tags": [
"Vendor Advisory"
],
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=541"
}
],
"sourceIdentifier": "security@xiaomi.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2023-26321 (GCVE-0-2023-26321)
Vulnerability from cvelistv5 – Published: 2024-08-28 07:51 – Updated: 2025-03-25 15:57
VLAI?
Title
The international version of Xiaomi File Manager has a path traversal vulnerability
Summary
A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.
Severity ?
6.3 (Medium)
CWE
- A path traversal vulnerability exists
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi File Manager App International Version |
Affected:
Xiaomi File Manager App International Version , ≤ V1-210567
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mi:file_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "file_manager",
"vendor": "mi",
"versions": [
{
"lessThanOrEqual": "v1-210586",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:39:58.176575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T15:57:26.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Xiaomi File Manager App International Version",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "V1-210586",
"status": "unaffected"
}
],
"lessThanOrEqual": "V1-210567",
"status": "affected",
"version": "Xiaomi File Manager App International Version",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-02-08T07:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eA path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Xiaomi File Manager App International Version V1-210567"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A path traversal vulnerability exists",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T07:51:28.809Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=541"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "The international version of Xiaomi File Manager has a path traversal vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26321",
"datePublished": "2024-08-28T07:51:28.809Z",
"dateReserved": "2023-02-22T16:59:28.183Z",
"dateUpdated": "2025-03-25T15:57:26.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26321 (GCVE-0-2023-26321)
Vulnerability from nvd – Published: 2024-08-28 07:51 – Updated: 2025-03-25 15:57
VLAI?
Title
The international version of Xiaomi File Manager has a path traversal vulnerability
Summary
A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.
Severity ?
6.3 (Medium)
CWE
- A path traversal vulnerability exists
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi File Manager App International Version |
Affected:
Xiaomi File Manager App International Version , ≤ V1-210567
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mi:file_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "file_manager",
"vendor": "mi",
"versions": [
{
"lessThanOrEqual": "v1-210586",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:39:58.176575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T15:57:26.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Xiaomi File Manager App International Version",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "V1-210586",
"status": "unaffected"
}
],
"lessThanOrEqual": "V1-210567",
"status": "affected",
"version": "Xiaomi File Manager App International Version",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-02-08T07:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eA path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Xiaomi File Manager App International Version V1-210567"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A path traversal vulnerability exists",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T07:51:28.809Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=541"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "The international version of Xiaomi File Manager has a path traversal vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26321",
"datePublished": "2024-08-28T07:51:28.809Z",
"dateReserved": "2023-02-22T16:59:28.183Z",
"dateUpdated": "2025-03-25T15:57:26.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}