Vulnerability Description
The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amaze File Manager Project | Amaze File Manager | < 3.4.2 |
References
- https://github.com/TeamAmaze/AmazeFileManager/compare/v3.4.1...v3.4.2PatchThird Party Advisory
- https://github.com/TeamAmaze/AmazeFileManager/pull/1815Third Party Advisory
- https://play.google.com/store/apps/details?id=com.amaze.filemanager&hl=en_US&gl=ProductThird Party Advisory
- https://github.com/TeamAmaze/AmazeFileManager/compare/v3.4.1...v3.4.2PatchThird Party Advisory
- https://github.com/TeamAmaze/AmazeFileManager/pull/1815Third Party Advisory
- https://play.google.com/store/apps/details?id=com.amaze.filemanager&hl=en_US&gl=ProductThird Party Advisory
FAQ
What is CVE-2020-35173?
CVE-2020-35173 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.f...
How severe is CVE-2020-35173?
CVE-2020-35173 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-35173?
Check the references section above for vendor advisories and patch information. Affected products include: Amaze File Manager Project Amaze File Manager.