feric

2 exploits Active since Mar 2022

CVE-2021-44124 WRITEUP HIGH WRITEUP

Hiby R3 Pro Firmware 1.5-1.6 - Path Traversal via HTTP Server

Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does not have enough input data sanitization when shown data from SD Card, an attacker can navigate through the device's File System over HTTP.

CVSS 7.5

View Code

CVE-2022-34496 WRITEUP CRITICAL WRITEUP

Hiby R3 PRO and R3 PRO Saber Firmware 1.5-1.7 - Unrestricted Upload of File with Dangerous Type via File Upload Feature

Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature.

CVSS 9.8

View Code