Description
A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attackers to overwrite and execute code in the file.
References (1)
Core 1
Core References
Vendor Advisory
https://trust.mi.com/misrc/bulletins/advisory?cveId=541
Scores
CVSS v3
6.3
EPSS
0.0052
EPSS Percentile
39.9%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (1)
mi/file_manager
1-210567
Published
Aug 28, 2024
Tracked Since
Feb 18, 2026