Directory traversal in SHAREit for Android - CVE-2019-9938

Published: February 27, 2019 / Updated: March 22, 2019


Vulnerability identifier: #VU17875
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2019-9938
CWE-ID: CWE-22
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: SHAREit Technologies Co.Ltd
Affected software:
SHAREit for Android

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to access arbitrary files on the device.

The vulnerability exists because the application delivers to authenticated clients any file whose path is passed via the "metadataid" HTTP GET parameter. A remote authenticated attacker can supply a full path to a file on the device and download it.

Please note that the affected version of the application contains another vulnerability that allows an attacker to bypass the authentication process. As a result, a remote unauthenticated attacker who successfully exploits both vulnerabilities can read arbitrary files from the device.
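The flawed lookup described above beside a hardened one, as an added Python model of the file-delivery endpoint; this is not the application's own code, and SHARE_DIR, resolve_unsafe, resolve_safe and serve are hypothetical names over a constructed directory layout:

```python
import os
import tempfile

# Constructed sandbox (not the real app's storage layout): one shared directory
# holding a legitimately shared file, and a sibling directory holding a file
# that must never be reachable through the file-delivery endpoint.
_ROOT = tempfile.mkdtemp(prefix="cve_2019_9938_demo_")
SHARE_DIR = os.path.join(_ROOT, "shared")
PRIVATE_DIR = os.path.join(_ROOT, "private")
os.makedirs(SHARE_DIR)
os.makedirs(PRIVATE_DIR)
with open(os.path.join(SHARE_DIR, "photo.jpg"), "wb") as fh:
    fh.write(b"constructed shared content")
with open(os.path.join(PRIVATE_DIR, "secret.txt"), "wb") as fh:
    fh.write(b"constructed private content")
PRIVATE_FILE = os.path.join(PRIVATE_DIR, "secret.txt")


def resolve_unsafe(metadataid):
    """Hypothetical model of the flawed behaviour: the 'metadataid' value is
    used directly as a path, so an absolute path or '../' escapes SHARE_DIR."""
    # os.path.join discards SHARE_DIR entirely when metadataid is absolute.
    return os.path.join(SHARE_DIR, metadataid)


def resolve_safe(metadataid):
    """Hardened lookup: canonicalise the request (resolving '..' and
    symlinks) and accept it only if it is still inside SHARE_DIR."""
    base = os.path.realpath(SHARE_DIR)
    candidate = os.path.realpath(os.path.join(base, metadataid))
    if os.path.commonpath([base, candidate]) != base:
        return None  # request escaped the shared directory
    return candidate


def serve(metadataid, hardened=True):
    """Returns the bytes the endpoint would deliver for 'metadataid', or None."""
    path = resolve_safe(metadataid) if hardened else resolve_unsafe(metadataid)
    if path is None or not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return fh.read()
```

The check in resolve_safe is the one to look for when reviewing any handler that turns a client-supplied identifier into a filesystem path: canonicalise first, then compare against the canonical base directory.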


How to mitigate CVE-2019-9938

Install updates from vendor's website.

Sources