PT-2025-29907 · Blubird · Bluebird Barcode Scanner
Szymon Chadam
·
Published
2025-07-17
·
Updated
2025-07-17
·
CVE-2025-5346
CVSS v4.0
5.1
Medium
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions
Bluebird barcode scanner application versions prior to 1.3.3
Description
The barcode scanner application on Bluebird devices exposes an unsecured broadcast receiver,
kr.co.bluebird.android.bbsettings.BootReceiver. A local attacker can exploit this to overwrite files containing the ".json" keyword with a default barcode configuration file. The application lacks protection against path traversal vulnerabilities when specifying the file name, allowing overwriting of files in any location.Recommendations
Update the barcode scanner application to version 1.3.3 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bluebird Barcode Scanner