Description
An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
Published: 2026-03-31
Score: n/a
EPSS: n/a
KEV: No
Impact: Arbitrary File Overwrite
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows an attacker to overwrite critical internal files during the file import process. By replacing legitimate files, the attacker may achieve arbitrary code execution or expose sensitive information. The weakness arises from insufficient validation of file paths, permitting unintended file replacement.

Affected Systems

UXGROUP LLC Voice Recorder version 10.0 is affected. No other versions or vendors are listed.

Risk and Exploitability

The impact can be severe, granting the ability to replace protected files. The likely attack vector is via the import feature, which may be exposed locally or remotely depending on the deployment environment. While CVSS and EPSS scores are not provided, the absence of mitigation from the vendor and the ease of triggering the flaw suggest a high potential for exploitation. The vulnerability is not listed in the CISA KEV catalog, but that does not reduce the risk in environments where the import function is available to untrusted users.

Generated by OpenCVE AI on March 31, 2026 at 17:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued patch or update for Voice Recorder.
  • If no patch is available, disable the file import feature until a fix is released.
  • Restrict import functionality to privileged users and limit network exposure.
  • Implement server‑side validation to reject file paths that target protected directories.
  • Verify the integrity of imported files using checksums or digital signatures.

Generated by OpenCVE AI on March 31, 2026 at 17:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite in UXGROUP Voice Recorder Enables Code Execution
Weaknesses CWE-22
CWE-788

Tue, 31 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Description An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-31T15:53:32.035Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30284

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-31T16:16:29.950

Modified: 2026-03-31T16:16:29.950

Link: CVE-2026-30284

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T19:56:53Z

Weaknesses