Bookeen Notea Directory Traversal

2022.05.29
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-22

# Exploit Title: Bookeen Notea - Directory Traversal # Date: December 2021 # Exploit Author: Clement MAILLIOUX # Vendor Homepage: https://bookeen.com/ # Software Link: N/A # Version: BK_R_1.0.5_20210608 # Tested on: Bookeen Notea (Android 8.1) # CVE : CVE 2021-45783 # The affected version of the Bookeen Notea System Update is prone to directory traversal vulnerability related to its note Export function. # The vulnerability can be triggered like so : # - Create a note or use an existing note on the device # - rename this note ../../../../../../ # - keep touching the note until a menu appears # - touch to select "export" # - touch "View" # Now you can access and explore the device filesystem.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top