Path traversal vulnerability in web server. #9

Open
vext01 opened this issue Aug 29, 2021 · 1 comment

Owner

vext01 commented Aug 29, 2021

The web server used to upload music on Hiby OS devices doesn't protect against path traversal using ../.

The vulnerability has already been publicly disclosed here:
https://github.com/feric/Findings/tree/72e196bfc622b74a9ca72741cbb1d792fa80f7e7/Hiby/Web%20Server/Path%20Traversal

This is still present in the latest 1.6 firmware for the R3 Pro.

Owner Author

vext01 commented Aug 29, 2021

CC @feric who originally disclosed this vuln.
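
The kind of check whose absence this issue describes, as an added example (not code from the issue, the linked disclosure, or the Hiby firmware): the request path is percent-decoded once, then every `..` segment is rejected before the path is joined to the upload root. `UPLOAD_ROOT`, `url_decode` and `resolve_upload_path` are hypothetical names; the check is lexical only and does not resolve symlinks.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upload root; the issue does not name the device's real directory. */
#define UPLOAD_ROOT "/srv/music"

/* Percent-decode src once into dst. -1 on bad escape, decoded NUL or overflow. */
static int url_decode(const char *src, char *dst, size_t n) {
    size_t o = 0;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        if (c == '%') {
            if (!isxdigit((unsigned char)src[1]) || !isxdigit((unsigned char)src[2]))
                return -1;
            char hex[3] = { src[1], src[2], 0 };
            c = (unsigned char)strtoul(hex, NULL, 16);
            src += 2;
        }
        if (c == 0 || o + 1 >= n) return -1;   /* %00 truncation or no room */
        dst[o++] = (char)c;
    }
    dst[o] = 0;
    return 0;
}

/* Build UPLOAD_ROOT/<request path> in out. Returns 0, or -1 if rejected. */
int resolve_upload_path(const char *req, char *out, size_t n) {
    char dec[512];
    if (url_decode(req, dec, sizeof dec) != 0) return -1;
    if (strchr(dec, '\\')) return -1;          /* no alternate separators */
    int w = snprintf(out, n, "%s", UPLOAD_ROOT);
    if (w < 0 || (size_t)w >= n) return -1;
    size_t len = (size_t)w;
    for (char *seg = strtok(dec, "/"); seg; seg = strtok(NULL, "/")) {
        if (strcmp(seg, ".") == 0) continue;   /* harmless, drop it */
        if (strcmp(seg, "..") == 0) return -1; /* would climb out of the root */
        w = snprintf(out + len, n - len, "/%s", seg);
        if (w < 0 || (size_t)w >= n - len) return -1;
        len += (size_t)w;
    }
    return 0;
}

int main(void) {                               /* constructed sample inputs */
    char p[256];
    printf("%d\n", resolve_upload_path("/Albums/track.flac", p, sizeof p));
    printf("%d\n", resolve_upload_path("/%2e%2e/etc/passwd", p, sizeof p));
    return 0;
}
```

Decoding happens before the segment check, so an encoded `..` is caught, and a double-encoded one stays a literal file name because nothing decodes it a second time.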
