BlackBerry Link prior to 1.2.1.31 on Windows and prior to 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote malicious users to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
blackberry blackberry_link 1.0.1.12 |
||
blackberry blackberry_link |
||
blackberry blackberry_link 1.2.0.12 |
||
blackberry blackberry_link 1.1.1.41 |
||
blackberry blackberry_link 1.1.1.26 |