CVE-2023-26321 — MEDIUM (6.3)

Vulnerability Description

A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mi	File Manager	1-210567

Related Weaknesses (CWE)

CWE-22

References

https://trust.mi.com/misrc/bulletins/advisory?cveId=541Vendor Advisory

FAQ

What is CVE-2023-26321?

CVE-2023-26321 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attack...

How severe is CVE-2023-26321?

CVE-2023-26321 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-26321?

Check the references section above for vendor advisories and patch information. Affected products include: Mi File Manager.