PT-2023-20956 · Shanling · Shanling M5S+2
Published: 2023-04-25 · Updated: 2023-05-04
CVE-2023-27105
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Shanling M5S Portable Music Player with Shanling MTouch OS version 4.3
Shanling M2X Portable Music Player with Shanling MTouch OS version 3.3
Description
A directory traversal vulnerability in the Wi-Fi file transfer module allows attackers to read, delete, or modify any critical system file.
Recommendations
For Shanling M5S Portable Music Player with Shanling MTouch OS version 4.3, consider disabling the Wi-Fi file transfer module until a patch is available.
For Shanling M2X Portable Music Player with Shanling MTouch OS version 3.3, consider disabling the Wi-Fi file transfer module until a patch is available.
As a temporary workaround, restrict access to critical system files to minimize the risk of exploitation.
Exploit
Fix
Path traversal
Affected Products
Shanling M2X
Shanling M5S
Shanling MTouch OS