UXGROUP Cast to TV Screen Mirroring Arbitrary File Overwrite Vulnerability Allowing Code Execution or Information Exposure

A vulnerability allowing arbitrary file overwriting has been identified in UXGROUP LLC's Cast to TV Screen Mirroring application, version 2.2.77. This vulnerability arises from inadequate security validation during the file import process, enabling attackers to overwrite critical internal files. Exploitation of this vulnerability could lead to arbitrary code execution or unauthorized information disclosure.

Impact

Exploitation of this vulnerability allows for arbitrary file overwriting, which could be used to execute malicious code or access sensitive information.

Reproduction

The vulnerability can be reproduced by importing a file through the application's file import process. A crafted file path can be used to overwrite internal files, taking advantage of directory traversal techniques to access sensitive data stored within the app's private storage. Once the data is extracted, it can be written to shared external storage, where it can be accessed by other applications on the device.