Open
Description
The web server used to upload music on Hiby OS devices doesn't protect against path traversal using ../.
The vulnerability has already been publicly disclosed here:
https://github.com/feric/Findings/tree/72e196bfc622b74a9ca72741cbb1d792fa80f7e7/Hiby/Web%20Server/Path%20Traversal
This is still present in the latest 1.6 firmware for the R3 Pro.