Skip to content

Path traversal vulnerability in web server. #9

Open
@vext01

Description

@vext01

The web server used to upload music on Hiby OS devices doesn't protect against path traversal using ../.

The vulnerability has already been publicly disclosed here:
https://github.com/feric/Findings/tree/72e196bfc622b74a9ca72741cbb1d792fa80f7e7/Hiby/Web%20Server/Path%20Traversal

This is still present in the latest 1.6 firmware for the R3 Pro.

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions