PT-2020-17270 · Minimo4 · Amaze File Manager

Trancelove

Published

2020-12-30

Updated

2021-01-04

CVE-2020-35173

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Amaze File Manager versions prior to 3.4.2

Description The issue concerns the Amaze File Manager application, which does not properly restrict intents for controlling the FTP server. This specifically involves services.ftpservice.FTPReceiver.ACTION START FTPSERVER and services.ftpservice.FTPReceiver.ACTION STOP FTPSERVER.

Recommendations For Amaze File Manager versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the FTP server control intents until the update is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-35173

Affected Products

Amaze File Manager

PT-2020-17270 · Minimo4 · Amaze File Manager

CVE-2020-35173

Related Identifiers

Affected Products

References · 6