#VU17875 Directory traversal in SHAREit for Android - CVE-2019-9938
Published: February 27, 2019 / Updated: March 22, 2019
Vulnerability identifier: #VU17875
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2019-9938
CWE-ID: CWE-22
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
SHAREit for Android
Software vendor:
SHAREit Technologies Co.Ltd
Description
The vulnerability allows a remote authenticated attacker to access arbitrary files on the device.
The vulnerability exists because the application delivers to authenticated clients any file whose path is passed via the "metadataid" HTTP GET parameter. A remote authenticated attacker can specify the full path to a file on the device and download it.
Please note that the affected version of the application contains another vulnerability that allows an attacker to bypass the authentication process. As a result, a remote unauthenticated attacker who successfully exploits both vulnerabilities can read arbitrary files from the device.
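The flaw class described above (CWE-22), as an added example that is not SHAREit's code and not part of the original advisory: a file lookup that uses the parameter value directly as a path, beside a form that confines it to a single shared directory. The class, method and directory names are hypothetical, and the sample files are constructed for the demonstration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

// Added illustration: all names here are hypothetical, not taken from SHAREit.
public class MetadataIdCheck {

    // Pattern the advisory describes: the parameter value is used as a path.
    static File resolveUnsafe(String metadataId) {
        return new File(metadataId);
    }

    // Hardened form: treat the value as a name inside the shared directory and
    // require the canonical result to remain inside it.
    static File resolveSafe(File sharedDir, String metadataId) throws IOException {
        if (metadataId == null || metadataId.isEmpty() || metadataId.indexOf('\0') >= 0) {
            throw new SecurityException("invalid metadataid");
        }
        File base = sharedDir.getCanonicalFile();
        // getCanonicalFile() collapses ".." and resolves symlinks before the check.
        File target = new File(base, metadataId).getCanonicalFile();
        boolean inside = target.getPath().startsWith(base.getPath() + File.separator);
        if (!inside || !target.isFile()) {
            throw new SecurityException("metadataid does not name a shared file");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: one shared file and one private file beside it.
        File root = Files.createTempDirectory("metadataid-demo").toFile();
        File shared = new File(root, "shared");
        if (!shared.mkdir()) throw new IOException("cannot create " + shared);
        Files.write(new File(shared, "photo.jpg").toPath(), new byte[] {1});
        File secret = new File(root, "private.db");
        Files.write(secret.toPath(), new byte[] {2});

        System.out.println("unsafe lookup of full path readable: "
                + resolveUnsafe(secret.getAbsolutePath()).canRead());
        String[] requests = {"photo.jpg", secret.getAbsolutePath(), "../private.db"};
        for (String id : requests) {
            try {
                System.out.println("safe: " + id + " -> " + resolveSafe(shared, id).getName());
            } catch (SecurityException e) {
                System.out.println("safe: " + id + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```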
Remediation
Install updates from vendor's website.