Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Android 路径遍历漏洞
Vulnerability Description
Android是美国谷歌(Google)公司和开放手持设备联盟(简称OHA)共同开发的一套以Linux为基础的开源操作系统。 Android 4.4.4版本中的frameworks/av/media/mtp/MtpServer.cpp文件的doSendObjectInfo方法存在目录遍历漏洞。物理位置临近的攻击者可借助MTP请求的‘name’参数中的‘..’利用该漏洞上传文件。
CVSS Information
N/A
Vulnerability Type
N/A