Description
An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure.
Published: 2026-03-31
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution from file overwrite
Action: Assess Impact
AI Analysis

Impact

An arbitrary file overwrite vulnerability in the Rareprob Video Player Play All Videos allows an attacker to replace critical internal files during the file import process, potentially leading to code execution or leakage of sensitive data. The weakness is identified as improper file handling, classified as CWE-434.

Affected Systems

The vulnerability affects Rareprob Solutions Private Limited's Video Player Play All Videos, version 1.0.135, available on Android devices. No other products or versions are confirmed.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity. The EPSS score below 1% suggests a low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector involves a local user or an attacker with file import privileges supplying a crafted file to overwrite protected files. Consequently, the impact is limited to the gain of code execution or data exposure, contingent on successful file replacement.

Generated by OpenCVE AI on April 2, 2026 at 23:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether the Rareprob Video Player Play All Videos 1.0.135 is installed on your Android devices.
  • Check with the vendor for an available patch or updated version that addresses the file overwrite issue.
  • If no patch is available, restrict the file import function to trusted sources or disable it entirely.
  • Apply the principle of least privilege, ensuring the application runs with the minimal permissions necessary.
  • Monitor system logs and file integrity for unauthorized file modifications in the Video Player directory.

Generated by OpenCVE AI on April 2, 2026 at 23:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Unrestricted File Overwrite in Video Player Allows Arbitrary Code Execution

Thu, 02 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Rareprob
Rareprob video Player
CPEs cpe:2.3:a:rareprob:video_player:1.0.135:*:*:*:*:android:*:*
Vendors & Products Rareprob
Rareprob video Player

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Unrestricted File Overwrite in Video Player Allows Arbitrary Code Execution

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-434
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Description An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure.
References

Subscriptions

Rareprob Video Player
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-01T14:49:03.226Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30280

cve-icon Vulnrichment

Updated: 2026-04-01T14:48:43.584Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T20:16:26.420

Modified: 2026-04-02T20:44:44.690

Link: CVE-2026-30280

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:37:54Z

Weaknesses