Arbitrary File Read Vulnerabilities in Emby Server on Windows (Version 4.6.4.0)

Arbitrary File Read Vulnerabilities in Emby Server on Windows (Version 4.6.4.0)

CVE-2021-32833 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.4.0 and may not be patched in later versions. Known vulnerable routes are /Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer, /Images/Ratings/theme/name and /Images/MediaInfo/theme/name. For more details including proof of concept code, refer to the referenced GHSL-2021-051. This issue may lead to unauthorized access to the system especially when Emby Server is configured to be accessible from the Internet.

Learn more about our Cis Benchmark Audit For Server Software.