CVE-2021-44124
HIGH
Hiby R3 Pro Firmware 1.5-1.6 - Path Traversal via HTTP Server
Title source: llm
Description
Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to directory traversal. The HTTP server does not sufficiently sanitize input when serving data from the SD card, so an attacker can navigate through the device's file system over HTTP.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/feric/Findings/tree/main/Hiby/Web%20Server/Path%20Traversal
Exploit, Third Party Advisory x_refsource_misc
https://github.com/vext01/hiby-issues/issues/9#issuecomment-907891626
Scores
CVSS v3
7.5
EPSS
0.0186
EPSS Percentile
76.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
hiby/r3_pro_firmware
1.5
hiby/r3_pro_firmware
1.6
Published
Mar 28, 2022
Tracked Since
Feb 18, 2026