Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

CVE-2025-5346: CWE-926 Improper Export of Android Application Components in Bluebird kr.co.bluebird.android.bbsettings

Medium
VulnerabilityCVE-2025-5346cvecve-2025-5346cwe-926
Published: Thu Jul 17 2025 (07/17/2025, 12:45:56 UTC)
Source: CVE Database V5
Vendor/Project: Bluebird
Product: kr.co.bluebird.android.bbsettings

Description

Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call the receiver to overwrite file containing ".json" keyword with default barcode config file. It is possible to overwrite file in any location due to lack of protection against path traversal in name of the file. This issue affects all versions before 1.3.3.

Technical Details

Data Version
5.1
Assigner Short Name
CERT-PL
Date Reserved
2025-05-30T06:40:16.684Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6878f79ba83201eaace5cfab

Added to database: 7/17/2025, 1:16:11 PM

Last updated: 7/17/2025, 1:16:11 PM

Views: 1

Related Threats

CVE-2025-5345: CWE-926 Improper Export of Android Application Components in Bluebird com.bluebird.filemanagers

Medium
VulnerabilityThu Jul 17 2025

CVE-2025-5344: CWE-926 Improper Export of Android Application Components in Bluebird com.bluebird.kiosk.launcher

High
VulnerabilityThu Jul 17 2025

CVE-2025-52933

Unknown
VulnerabilityThu Jul 17 2025

CVE-2025-4302: CWE-203 Observable Discrepancy in Stop User Enumeration

High
VulnerabilityThu Jul 17 2025

CVE-2025-7735: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in UNIMAX Hospital Information System

High
VulnerabilityThu Jul 17 2025

Actions

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats