PT-2019-18094 · Es · Es File Explorer File Manager
Fs0C131Y · Published 2019-01-16 · Updated 2023-02-01 · CVE-2019-6447
CVSS v3.1: 8.1 High
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
ES File Explorer File Manager versions through 4.1.9.7.4
Description
The issue allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.
Recommendations
For ES File Explorer File Manager versions through 4.1.9.7.4, as a temporary workaround, consider disabling the application's ability to listen on TCP port 59777 until a patch is available. Restrict access to the local Wi-Fi network to minimize the risk of exploitation. Avoid using the ES File Explorer File Manager application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Es File Explorer File Manager