CVE-2026-30284 - Vulnerability Details

Description

An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

Published: 2026-03-31

Score: 8.6 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability permits arbitrary file overwrite through the import functionality of Voice Recorder. This flaw allows an attacker to replace critical internal files, leading to arbitrary code execution or sensitive data exposure. It is a Path Traversal flaw as defined by CWE-73.

Affected Systems

The affected product is UXGROUP LLC Voice Recorder, version 10.0, running on Android platforms.

Risk and Exploitability

The vulnerability has a CVSS score of 8.6, indicating high severity. The EPSS score is below 1%, suggesting that exploitation in the wild is currently unlikely. It is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector requires the victim to import a malicious file or for an attacker to supply a crafted input to the import function. No network‑based exploitation is described.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:uxgroupllc:voice_recorder:10.0:*:*:*:*:android:*:*

No data.

Vendor Product Confidence Versions

Uxgroup

Voice Recorder

80%

Version	Status	Scheme	Platform
`10.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Verify you are running UXGROUP LLC Voice Recorder version 10.0 and check the vendor website for an available patch; apply any released security update immediately.
Until a patch is available, avoid importing files from untrusted or unknown sources and restrict file input to trusted origins only.
If possible, configure the device to block external file transfers to the application.
Monitor the device for abnormal activity and consider disabling or uninstalling the application if it is not critical.

Generated by OpenCVE AI on April 6, 2026 at 17:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
http://voice.com
https://appcraze.co/
https://github.com/Secsys-FDU/AF_CVEs/issues/25
https://secsys.fudan.edu.cn/

History

Tue, 07 Apr 2026 08:00:00 +0000

Type	Values Removed	Values Added
Title	Arbitrary File Overwrite in UXGROUP LLC Voice Recorder v10.0 Enabling Code Execution

Mon, 06 Apr 2026 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Uxgroupllc Uxgroupllc voice Recorder
CPEs		cpe:2.3:a:uxgroupllc:voice_recorder:10.0:::::android::
Vendors & Products		Uxgroupllc Uxgroupllc voice Recorder

Fri, 03 Apr 2026 10:15:00 +0000

Type	Values Removed	Values Added
Title		Arbitrary File Overwrite in UXGROUP LLC Voice Recorder v10.0 Enabling Code Execution
First Time appeared		Uxgroup Uxgroup voice Recorder
Vendors & Products		Uxgroup Uxgroup voice Recorder

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Title	Arbitrary File Overwrite in UXGROUP Voice Recorder Enables Code Execution
Weaknesses	CWE-22 CWE-788

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-73
Metrics		cvssV3_1 `{'score': 8.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 01 Apr 2026 02:15:00 +0000

Type	Values Removed	Values Added
Title		Arbitrary File Overwrite in UXGROUP Voice Recorder Enables Code Execution
Weaknesses		CWE-22 CWE-788

Tue, 31 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
References		http://voice.com https://appcraze.co/ https://github.com/Secsys-FDU/AF_CVEs/issues/25 https://secsys.fudan.edu.cn/

Subscriptions

Uxgroup Voice Recorder

Uxgroupllc Voice Recorder

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-03-31T00:00:00.000Z

Updated: 2026-04-01T18:06:58.822Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30284

Vulnrichment

Updated: 2026-04-01T18:06:26.076Z

NVD

Status : Analyzed

Published: 2026-03-31T16:16:29.950

Modified: 2026-04-06T15:11:01.410

Link: CVE-2026-30284

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-07T08:08:26Z

Weaknesses

CWE-73

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object