EUVD-2025-21762

ID: EUVD-2025-21762

Severity: medium

CVSS v4: 5.1 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call the receiver to overwrite file containing ".json" keyword with default barcode config file. It is possible to overwrite file in any location due to lack of protection against path traversal in name of the file. This issue affects all versions before 1.3.3.

Timestamps

Normalized: 2025-12-31T11:32:17Z UTC
Last updated: 2025-12-31T11:29:58Z UTC

References

No references provided.

VulnAI

EUVD-2025-21762

Description

Timestamps

References