CVE-2024-8058 | THREATINT

Description

An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading.

PUBLISHED Reserved 2024-08-21 | Published 2024-12-16 | Updated 2025-08-27 | Assigner lenovo

HIGH: 7.6CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Problem types

CWE-1287 Improper Validation of Specified Type of Input

Product status

Default status

unaffected

Any version before 9.8.6.0

affected

Credits

Lenovo thanks HisJane for reporting this issue. finder

References

www.filez.com/securityPolicy/1.html?1733849740

cve.org (CVE-2024-8058)

nvd.nist.gov (CVE-2024-8058)

Download JSON