Vulnerability Description
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Estrongs | Es File Explorer File Manager | <= 4.1.9.7.4 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/163303/ES-File-Explorer-4.1.9.7.4-ArbitraryExploitThird Party AdvisoryVDB Entry
- https://github.com/fs0c131y/ESFileExplorerOpenPortVulnExploitThird Party Advisory
- https://twitter.com/fs0c131y/status/1085460755313508352Third Party Advisory
- http://packetstormsecurity.com/files/163303/ES-File-Explorer-4.1.9.7.4-ArbitraryExploitThird Party AdvisoryVDB Entry
- https://github.com/fs0c131y/ESFileExplorerOpenPortVulnExploitThird Party Advisory
- https://twitter.com/fs0c131y/status/1085460755313508352Third Party Advisory
FAQ
What is CVE-2019-6447?
CVE-2019-6447 is a vulnerability with a CVSS score of 8.1 (HIGH). The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi netwo...
How severe is CVE-2019-6447?
CVE-2019-6447 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6447?
Check the references section above for vendor advisories and patch information. Affected products include: Estrongs Es File Explorer File Manager.