PT-2023-30261 · Unknown · Com.Phlox.Simpleserver.Plus
Published
2023-12-27
·
Updated
2024-01-05
·
CVE-2023-46918
CVSS v3.1
4.6
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) version 1.8.1-plus
Description
The Android manifest file of the affected software contains an entry with the
android:allowBackup attribute set to true. This could be leveraged by an attacker with physical access to the device.Recommendations
For version 1.8.1-plus, consider setting the
android:allowBackup attribute to false in the Android manifest file to prevent potential exploitation. As a temporary workaround, restrict physical access to devices running the affected software until a patch is available.Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Com.Phlox.Simpleserver.Plus