CVE-2021-45783

MEDIUM

Bookeen Notea Firmware BK_R_1.0.5_20210608 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-45783. PoCs published by Clement MAILLIOUX.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Bookeen Notea's note export function. By renaming a note with a traversal payload (e.g., ../../../../../../), an attacker can access the device's filesystem when exporting the note.

Description

Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information.

Exploits (1)

exploitdb WORKING POC

by Clement MAILLIOUX · textremoteandroid

https://www.exploit-db.com/exploits/50897

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Bookeen Notea's note export function. By renaming a note with a traversal payload (e.g., ../../../../../../), an attacker can access the device's filesystem when exporting the note.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Bookeen Notea BK_R_1.0.5_20210608

No auth needed

Prerequisites: Physical access to the device or ability to create/rename notes

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Product x_refsource_misc

http://bookeen.com

Exploit, Third Party Advisory x_refsource_misc

https://github.com/cmaillioux/SecurityResearch/blob/main/CVE-2021-45783

View Exploit ZIP pw:eip

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/167016/Bookeen-Notea-BK_R_1.0.5_20210608-Directory-Traversal.html

Scores

CVSS v3 4.6

EPSS 0.0191

EPSS Percentile 77.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

bookeen/notea_firmware bk_r_1.0.5_20210608

Published May 05, 2022

Tracked Since Feb 18, 2026