Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-5764

MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in "Receive" mode. An attacker can exploit this by connecting to the MX Transfer session as a "sender" and sending a MessageType of "FILE_LIST" with a "name" field containing directory traversal characters (../). This will result in the file being transferred to the victim's phone, but being saved outside of the intended "/sdcard/MXshare" directory. In some instances, an attacker can achieve remote code execution by writing ".odex" and ".vdex" files in the "oat" directory of the MX Player application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 5.8
Products affected by CVE-2020-5764


Contact Us

Shodan ® - All rights reserved