Search criteria
2 vulnerabilities found for Xiaomi File Manager App International Version by Xiaomi
CVE-2023-26321 (GCVE-0-2023-26321)
Vulnerability from cvelistv5 – Published: 2024-08-28 07:51 – Updated: 2025-03-25 15:57
VLAI?
Title
The international version of Xiaomi File Manager has a path traversal vulnerability
Summary
A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.
Severity ?
6.3 (Medium)
CWE
- A path traversal vulnerability exists
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi File Manager App International Version |
Affected:
Xiaomi File Manager App International Version , ≤ V1-210567
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mi:file_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "file_manager",
"vendor": "mi",
"versions": [
{
"lessThanOrEqual": "v1-210586",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:39:58.176575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T15:57:26.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Xiaomi File Manager App International Version",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "V1-210586",
"status": "unaffected"
}
],
"lessThanOrEqual": "V1-210567",
"status": "affected",
"version": "Xiaomi File Manager App International Version",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-02-08T07:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eA path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Xiaomi File Manager App International Version V1-210567"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A path traversal vulnerability exists",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T07:51:28.809Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=541"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "The international version of Xiaomi File Manager has a path traversal vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26321",
"datePublished": "2024-08-28T07:51:28.809Z",
"dateReserved": "2023-02-22T16:59:28.183Z",
"dateUpdated": "2025-03-25T15:57:26.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26321 (GCVE-0-2023-26321)
Vulnerability from nvd – Published: 2024-08-28 07:51 – Updated: 2025-03-25 15:57
VLAI?
Title
The international version of Xiaomi File Manager has a path traversal vulnerability
Summary
A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.
Severity ?
6.3 (Medium)
CWE
- A path traversal vulnerability exists
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Xiaomi | Xiaomi File Manager App International Version |
Affected:
Xiaomi File Manager App International Version , ≤ V1-210567
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mi:file_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "file_manager",
"vendor": "mi",
"versions": [
{
"lessThanOrEqual": "v1-210586",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T13:39:58.176575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T15:57:26.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Xiaomi File Manager App International Version",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "V1-210586",
"status": "unaffected"
}
],
"lessThanOrEqual": "V1-210567",
"status": "affected",
"version": "Xiaomi File Manager App International Version",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-02-08T07:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(245, 247, 249);\"\u003eA path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Xiaomi File Manager App International Version V1-210567"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A path traversal vulnerability exists",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T07:51:28.809Z",
"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"shortName": "Xiaomi"
},
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=541"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "The international version of Xiaomi File Manager has a path traversal vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909",
"assignerShortName": "Xiaomi",
"cveId": "CVE-2023-26321",
"datePublished": "2024-08-28T07:51:28.809Z",
"dateReserved": "2023-02-22T16:59:28.183Z",
"dateUpdated": "2025-03-25T15:57:26.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}