fkie_cve-2025-5346
Vulnerability from fkie_nvd
Published
2025-07-17 13:15
Modified
2025-07-17 21:15
Severity ?
5.1 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
Summary
Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call the receiver to overwrite file containing ".json" keyword with default barcode config file. It is possible to overwrite file in any location due to lack of protection against path traversal in name of the file. This issue affects all versions before 1.3.3.
References
cvd@cert.plhttps://cert.pl/en/posts/2025/07CVE-2025-5344
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver \"kr.co.bluebird.android.bbsettings.BootReceiver\". A local attacker can call the receiver to overwrite file containing \".json\" keyword with default barcode config file. It is possible to overwrite file in any location due to lack of protection against path traversal in name of the file.\n\nThis issue affects all versions before 1.3.3."
    },
    {
      "lang": "es",
      "value": "Los dispositivos Bluebird incluyen una aplicaci\u00f3n de lectura de c\u00f3digos de barras preinstalada. Esta aplicaci\u00f3n expone un receptor de difusi\u00f3n no seguro, \"kr.co.bluebird.android.bbsettings.BootReceiver\". Un atacante local puede llamar al receptor para sobrescribir el archivo que contiene la palabra clave \".json\" con el archivo de configuraci\u00f3n de c\u00f3digo de barras predeterminado. Es posible sobrescribir el archivo en cualquier ubicaci\u00f3n debido a la falta de protecci\u00f3n contra el path traversal en el nombre del archivo. Este problema afecta a todas las versiones anteriores a la 1.3.3."
    }
  ],
  "id": "CVE-2025-5346",
  "lastModified": "2025-07-17T21:15:50.197",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "LOW",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cvd@cert.pl",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-17T13:15:23.383",
  "references": [
    {
      "source": "cvd@cert.pl",
      "url": "https://cert.pl/en/posts/2025/07CVE-2025-5344"
    }
  ],
  "sourceIdentifier": "cvd@cert.pl",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-926"
        }
      ],
      "source": "cvd@cert.pl",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.