# Exploit Title: Bookeen Notea - Directory Traversal# Date: December 2021# Exploit Author: Clement MAILLIOUX# Vendor Homepage: https://bookeen.com/# Software Link: N/A# Version: BK_R_1.0.5_20210608# Tested on: Bookeen Notea (Android 8.1)# CVE : CVE 2021-45783# The affected version of the Bookeen Notea System Update is prone to directory traversal vulnerability related to its note Export function.# The vulnerability can be triggered like so : # - Create a note or use an existing note on the device# - rename this note ../../../../../../# - keep touching the note until a menu appears# - touch to select "export"# - touch "View"# Now you can access and explore the device filesystem.
