CVE-2021-45783
Description
Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Directory traversal in Bookeen Notea firmware BK_R_1.0.5_20210608 allows reading arbitrary files, exposing sensitive device information.
Vulnerability
A directory traversal vulnerability exists in Bookeen Notea firmware version BK_R_1.0.5_20210608. The flaw allows an attacker to read arbitrary files on the device by manipulating file path parameters, bypassing intended access restrictions [1][2].
Exploitation
An attacker with network access to the device can exploit this by sending crafted HTTP requests containing path traversal sequences (such as ../) in file-related parameters. No authentication is required, and the attack can be performed remotely without user interaction [1][2].
Impact
Successful exploitation leads to unauthorized disclosure of sensitive information, including configuration files, user data, and other system files stored on the device. This compromises the confidentiality of the device and potentially exposes credentials or other secrets [1][2].
Mitigation
As of the publication date (2022-05-05), no patched firmware version has been released. Users should monitor the vendor for updates and restrict network access to the device until a fix is applied [1][2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Bookeen/Notea Firmware (source: description)
Patches
No patches discovered yet.
References
- bookeen.com (mitre, x_refsource_MISC)
- packetstormsecurity.com/files/167016/Bookeen-Notea-BK_R_1.0.5_20210608-Directory-Traversal.html (mitre, x_refsource_MISC)
- github.com/cmaillioux/SecurityResearch/blob/main/CVE-2021-45783 (mitre, x_refsource_MISC)