QwikSec

Security Database

CVE

CWE

Training

CVE-2014-7954

Published: Jul 7, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20150417 CVE-2014-7954 MTP path traversal vulnerability in Android

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/131509/Android-4.4-MTP-Path-Traversal.html

x_refsource_MISC

vdb-entry

x_refsource_BID

20150417 CVE-2014-7954 MTP path traversal vulnerability in Android

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.