CVE-2023-27105: [ID]

A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal.


CVE-2023-27105

[Affected Products and Versions]

Shanling Eddict Player v2.1.3 (Android Application)

Shanling Mtouch OS v3.3 (firmware for Shanling M2x Music Player)

[Vulnerability Type]

Directory Traversal

[Description]

A vulnerability in the Wi-Fi file transfer module of “Mtouch OS” allows attackers to arbitrarily read, delete or modify critical system files of the music player over an HTTP connection. A similar vulnerability also appears in “Eddict Player”, where it allows attackers to read, delete or modify any files in Android external storage when the files & media permission has been granted to the application.

When the Wi-Fi file transfer module is activated, it opens an HTTP server on port 8888. Normally, its front-end interface prevents users from accessing the parent directory of the Wi-Fi file transfer working directory.

However, the front-end restrictions can be bypassed simply by sending parameters in GET requests directly to /list, /delete or /download, which list directories, delete files and download files respectively.

Attackers can also upload any kind of file by sending modified POST requests to ./upload.
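The missing control here is a server-side containment check on the path each handler receives. The following is an added example, not Shanling's code: the function name, the share-root layout and the sample paths are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class OutsideShareRoot(Exception):
    """Requested path resolves outside the shared directory."""


def resolve_in_root(share_root, requested):
    """Map a client-supplied path to a real path inside share_root.

    Hypothetical helper: the advisory does not name the request parameter,
    so `requested` is whatever path value the handler received (URL-decoded).
    """
    if "\x00" in requested:
        raise OutsideShareRoot("NUL byte in path")
    root = Path(share_root).resolve(strict=True)
    # Treat the value as relative to the root even if it starts with "/".
    candidate = (root / requested.lstrip("/\\")).resolve()
    # resolve() collapses ".." and follows symlinks, so compare afterwards.
    if candidate != root and root not in candidate.parents:
        raise OutsideShareRoot(requested)
    return candidate


def demo():
    """Run the check over constructed sample inputs; return a verdict map."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp) / "share"
        (share / "Music").mkdir(parents=True)
        (share / "Music" / "track.flac").write_bytes(b"")
        (Path(tmp) / "secret.conf").write_text("x")
        # A symlink inside the share that points out of it.
        os.symlink(Path(tmp), share / "link")
        samples = ["Music/track.flac", "/Music", "", "../secret.conf",
                   "Music/../../secret.conf", "link/secret.conf"]
        for s in samples:
            try:
                resolve_in_root(share, s)
                results[s] = "allowed"
            except OutsideShareRoot:
                results[s] = "rejected"
    return results


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{path!r:30} {verdict}")
```

The same check belongs in every handler that touches the filesystem, including the upload path, because a filter that exists only in the front end is not seen by requests sent straight to the server.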

[Vendor Homepage & Software Link]

https://en.shanling.com/

https://en.shanling.com/download/63

https://play.google.com/store/apps/details?id=com.shanling.eddictplayer
