PT-2022-11999 · Hiby · Hiby Music Hiby Os R3 Pro

Published: 2022-03-28 · Updated: 2022-04-04 · CVE-2021-44124

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Hiby Music Hiby OS R3 Pro versions 1.5 through 1.6

Description

A Directory Traversal vulnerability allows an attacker to navigate through the device's file system over HTTP. It results from insufficient input data sanitization in the HTTP Server when displaying data from the SD Card.

Recommendations

For versions 1.5 and 1.6, consider restricting access to the HTTP Server until a patch is available. As a temporary workaround, avoid using the HTTP Server to display data from the SD Card until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-44124

Affected Products

Hiby Music Hiby Os R3 Pro