TA/UTAX Mobile Print App Arbitrary File Overwrite Vulnerability Allowing Code Execution

A vulnerability allowing arbitrary file overwriting has been identified in the TA/UTAX Mobile Print app, version 3.7.2.251001. This vulnerability arises from inadequate security checks during the file import process, enabling attackers to overwrite critical internal files. The exploitation of this vulnerability could lead to unauthorized code execution, exposure of sensitive information, or cause the app to malfunction or fail to launch.

Impact

Exploitation of this vulnerability could result in the overwriting of essential configuration or executable files, potentially allowing for arbitrary code execution, disruption of the app's functionality, or unauthorized access to sensitive information.

Reproduction

The vulnerability can be reproduced by importing files through the TA/UTAX Mobile Print app. A malicious app can be crafted to control the filename and content, using path traversal techniques to overwrite sensitive files in the application's internal storage. Once the victim opens the malicious app, the overwriting occurs automatically, without the need for complex user interaction.