ColorOS Assistant Path Traversal Vulnerability Allowing Unauthenticated File Downloads

Vulnerability

A path traversal vulnerability has been identified in ColorOS Assistant, allowing unauthenticated users to initiate file downloads through a vulnerable channel. This issue arises from improper validation of file paths, which could be exploited to access unauthorized files on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized file access and download, potentially allowing users to retrieve sensitive information from the affected device or system.

Added: Apr 30, 2026, 9:21 AM

Updated: Apr 30, 2026, 9:21 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.8

exploitability

7.4

remediation

0.0

relevance

7.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.8

exploitability

7.4

remediation

0.0

relevance

7.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ColorOS Assistant Path Traversal Vulnerability Allowing Unauthenticated File Downloads

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating