Mini Mouse Path Traversal Vulnerability Allowing Local File Inclusion
Vulnerability
A path traversal vulnerability has been identified in Mini Mouse version 9.3.0. This vulnerability allows attackers to access sensitive system directories by manipulating file path parameters in API requests. The issue arises in the device information endpoint, where exploited requests can retrieve file lists from critical system directories such as /usr, /etc, and /var.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive system files, potentially allowing for further exploitation or information disclosure.
Reproduction
The vulnerability can be reproduced by sending a request to the device information endpoint with manipulated file path parameters. This can be done using a tool like Burp Suite to intercept and modify the request. Once the device information is retrieved, the file list can be accessed by sending a request to the file list endpoint with the desired path parameter. The response will include the files in the specified directory, demonstrating the path traversal vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.