ID

VAR-201901-0308


CVE

CVE-2019-6447


TITLE

Input validation vulnerability in the ES File Explorer File Manager application for Android

Trust: 0.8

sources: JVNDB: JVNDB-2019-001728

DESCRIPTION

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.

Trust: 1.71

sources: NVD: CVE-2019-6447 // JVNDB: JVNDB-2019-001728 // VULMON: CVE-2019-6447

IOT TAXONOMY

category: ['other device'], sub_category: general

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: estrongs, model: es file explorer file manager, scope: lte, version: 4.1.9.7.4

Trust: 1.0

vendor: es app group, model: file explorer file manager, scope: lte, version: 4.1.9.7.4 (android)

Trust: 0.8

sources: JVNDB: JVNDB-2019-001728 // NVD: CVE-2019-6447

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6447
value: HIGH

Trust: 1.0

NVD: CVE-2019-6447
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-602
value: HIGH

Trust: 0.6

VULMON: CVE-2019-6447
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6447
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2019-6447
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-6447
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2019-6447 // JVNDB: JVNDB-2019-001728 // CNNVD: CNNVD-201901-602 // NVD: CVE-2019-6447

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-001728 // NVD: CVE-2019-6447

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201901-602

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201901-602

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001728

PATCH

title: Top Page, url: http://www.estrongs.com/?lang=en

Trust: 0.8

title: -, url: https://github.com/KaviDk/CVE-2019-6447-in-Mobile-Application

Trust: 0.1

title: POC-ES-File-Explorer-CVE-2019-6447, url: https://github.com/julio-cfa/POC-ES-File-Explorer-CVE-2019-6447

Trust: 0.1

title: -, url: https://github.com/k4u5h41/CVE-2019-6447

Trust: 0.1

title: cve-2019-6447, url: https://github.com/mcmahonr/cve-2019-6447

Trust: 0.1

title: -, url: https://github.com/Chethine/EsFileExplorer-CVE-2019-6447

Trust: 0.1

title: CVE-2019-6447, url: https://github.com/1nf1n17yk1ng/CVE-2019-6447

Trust: 0.1

title: CVE-2019-6447-ESfile-explorer-exploit, url: https://github.com/febinrev/CVE-2019-6447-ESfile-explorer-exploit

Trust: 0.1

title: esfile, url: https://github.com/amjadkhan345/esfile

Trust: 0.1

title: cve_2019-6447, url: https://github.com/volysandro/cve_2019-6447

Trust: 0.1

title: CVE-2019-6447, url: https://github.com/3hydraking/CVE-2019-6447

Trust: 0.1

title: -, url: https://github.com/Osuni-99/CVE-2019-6447

Trust: 0.1

title: -, url: https://github.com/svg153/awesome-stars

Trust: 0.1

title: esexplorervuln, url: https://github.com/codeonlinux/esexplorervuln

Trust: 0.1

title: good-articles-by-time, url: https://github.com/zhang0peter/good-articles-by-time

Trust: 0.1

title: awesome-stars, url: https://github.com/mooyoul/awesome-stars

Trust: 0.1

title: -, url: https://github.com/VinuKalana/CVE-2019-6447-Android-Vulnerability-in-ES-File-Explorer

Trust: 0.1

title: -, url: https://github.com/vino-theva/CVE-2019-6447

Trust: 0.1

title: ESFileExplorerOpenPortVuln, url: https://github.com/fs0c131y/ESFileExplorerOpenPortVuln

Trust: 0.1

title: awesome-hacking, url: https://github.com/QWERTSKIHACK/awesome-hacking

Trust: 0.1

title: AwesomeHacking, url: https://github.com/REY-AKA-RJDJ0261/AwesomeHacking

Trust: 0.1

title: awesome-hacking, url: https://github.com/Aruack/awesome-hacking

Trust: 0.1

title: Ensemble-HackTools, url: https://github.com/Rexinazor/Ensemble-HackTools

Trust: 0.1

title: awesome-hacking, url: https://github.com/jekil/awesome-hacking

Trust: 0.1

title: -, url: https://github.com/nitishbadole/oscp-note-3

Trust: 0.1

title: awesome-hacking, url: https://github.com/rohankumardubey/awesome-hacking

Trust: 0.1

title: -, url: https://github.com/eljosep/OSCP-Guide

Trust: 0.1

title: -, url: https://github.com/Ly0nt4r/OSCP

Trust: 0.1

title: -, url: https://github.com/ghostXing/hacking

Trust: 0.1

title: -, url: https://github.com/e-hakson/OSCP

Trust: 0.1

title: awesome-cyber-security, url: https://github.com/xrkk/awesome-cyber-security

Trust: 0.1

title: Cyber-Security_Collection, url: https://github.com/RakhithJK/Cyber-Security_Collection

Trust: 0.1

title: PoC, url: https://github.com/Jonathan-Elias/PoC

Trust: 0.1

title: CVE-POC, url: https://github.com/0xT11/CVE-POC

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title: PoC-in-GitHub, url: https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

title: BleepingComputer, url: https://www.bleepingcomputer.com/news/security/es-file-explorer-flaws-put-100-million-users-data-at-risk-fix-promised/

Trust: 0.1

sources: VULMON: CVE-2019-6447 // JVNDB: JVNDB-2019-001728

EXTERNAL IDS

db: NVD, id: CVE-2019-6447

Trust: 2.6

db: PACKETSTORM, id: 163303

Trust: 1.7

db: JVNDB, id: JVNDB-2019-001728

Trust: 0.8

db: EXPLOIT-DB, id: 50070

Trust: 0.6

db: PACKETSTORM, id: 161657

Trust: 0.6

db: CNNVD, id: CNNVD-201901-602

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: VULMON, id: CVE-2019-6447

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2019-6447 // JVNDB: JVNDB-2019-001728 // CNNVD: CNNVD-201901-602 // NVD: CVE-2019-6447

REFERENCES

url:https://github.com/fs0c131y/esfileexploreropenportvuln

Trust: 2.5

url:http://packetstormsecurity.com/files/163303/es-file-explorer-4.1.9.7.4-arbitrary-file-read.html

Trust: 2.3

url:https://twitter.com/fs0c131y/status/1085460755313508352

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6447

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6447

Trust: 0.8

url:https://packetstormsecurity.com/files/161657/android-vulnerability-in-es-file-explorer.html

Trust: 0.6

url:https://www.exploit-db.com/exploits/50070

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://github.com/kavidk/cve-2019-6447-in-mobile-application

Trust: 0.1

url:https://github.com/julio-cfa/poc-es-file-explorer-cve-2019-6447

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/zhang0peter/good-articles-by-time

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2019-6447 // JVNDB: JVNDB-2019-001728 // CNNVD: CNNVD-201901-602 // NVD: CVE-2019-6447

CREDITS

Tanmay Tyagi

Trust: 0.6

sources: CNNVD: CNNVD-201901-602

SOURCES

db: OTHER, id: -
db: VULMON, id: CVE-2019-6447
db: JVNDB, id: JVNDB-2019-001728
db: CNNVD, id: CNNVD-201901-602
db: NVD, id: CVE-2019-6447

LAST UPDATE DATE

2025-01-30T21:10:50.661000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2019-6447, date: 2023-02-01T00:00:00
db: JVNDB, id: JVNDB-2019-001728, date: 2019-03-25T00:00:00
db: CNNVD, id: CNNVD-201901-602, date: 2021-06-30T00:00:00
db: NVD, id: CVE-2019-6447, date: 2024-11-21T04:46:28.287

SOURCES RELEASE DATE

db: VULMON, id: CVE-2019-6447, date: 2019-01-16T00:00:00
db: JVNDB, id: JVNDB-2019-001728, date: 2019-03-25T00:00:00
db: CNNVD, id: CNNVD-201901-602, date: 2019-01-17T00:00:00
db: NVD, id: CVE-2019-6447, date: 2019-01-16T14:29:00.327