CVE-2021-45783
# Title : Bookeen Notea Directory Traversal
# Date : December 2021
# Author : Clement MAILLIOUX
# Vendor Homepage : https://bookeen.com/
# Version : BK_R_1.0.5_20210608
# Tested on : Bookeen Notea android 8.1
# CVE : 2021-45783
# CVSS 3.0 BASE SCORE : 3.2 [AV:P/AC:L/PR:/UI:N/S:U/C:L/I:L/A:N]
# NOTE : I kindly thank BOOKEEN company for this authorization to publish the vulnerability in exchange for waiting
# it to be patched in the next release and this release to be dispatched on devices.
# First information to the vendor was made in December 2021, patched in February 2022, and information to the vendor
# before disclosure in April 2022.
# Thanks again to BOOKEEN teams for providing this product and enhancing it both on its features and security.
# The affected version of the Bookeen Notea is prone to a directory traversal vulnerability, which can be triggered as follows:
# - create a note or use an existing note on the device
# - rename this note ../../../../../../
# - export this note
# - touch "Go"
# - You can now access and explore the device filesystem.
# REMEDIATION :
# Applying the latest update on the device is enough to correct the vulnerability.
# Go to "More settings" > "System Update" and touch "Update Detection". Then follow the installation process if needed.
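# ADDED EXAMPLE (not part of the original advisory and not Bookeen's code): one way an export routine can treat a
# note title as a single file name and refuse anything that resolves outside the export directory. The class name,
# the resolveExport helper, the ".pdf" extension and the demo directory are assumptions made for illustration.

```java
import java.io.File;
import java.io.IOException;

public class SafeExportPath {

    /** Map a user-chosen note title to a file directly inside exportDir, or throw. */
    static File resolveExport(File exportDir, String noteTitle) throws IOException {
        if (noteTitle == null || noteTitle.isEmpty()) {
            throw new IOException("empty note title");
        }
        // A title is one file name, never a path: refuse separators, NUL
        // bytes and the special names "." and "..".
        if (noteTitle.contains("/") || noteTitle.contains("\\")
                || noteTitle.indexOf('\0') >= 0
                || noteTitle.equals(".") || noteTitle.equals("..")) {
            throw new IOException("illegal characters in note title");
        }
        // Defence in depth: canonicalize both sides (resolves "..", symlinks)
        // and require the target's parent to be exactly the export directory.
        File base = exportDir.getCanonicalFile();
        File target = new File(base, noteTitle + ".pdf").getCanonicalFile();
        if (!base.equals(target.getParentFile())) {
            throw new IOException("export path escapes " + base);
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample titles; the second is the name from the advisory.
        File dir = new File(System.getProperty("java.io.tmpdir"), "notea-export-demo");
        String[] titles = { "Meeting notes", "../../../../../../", "..", "a/../../b" };
        for (String title : titles) {
            try {
                System.out.println("OK      " + resolveExport(dir, title));
            } catch (IOException e) {
                System.out.println("REJECT  \"" + title + "\": " + e.getMessage());
            }
        }
    }
}
```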