Name of the Vulnerable Software and Affected Versions:

Bluebird barcode scanner application versions prior to 1.3.3

Description:

The barcode scanner application on Bluebird devices exposes an unsecured broadcast receiver, `kr.co.bluebird.android.bbsettings.BootReceiver`. A local attacker can exploit this to overwrite files containing the ".json" keyword with a default barcode configuration file. The application lacks protection against path traversal vulnerabilities when specifying the file name, allowing overwriting of files in any location.

Recommendations:

Update the barcode scanner application to version 1.3.3 or later.