{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30284", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-01T18:06:58.822Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-31T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-31T15:53:32.035Z"}, "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://secsys.fudan.edu.cn/"}, {"url": "https://appcraze.co/"}, {"url": "http://voice.com"}, {"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/25"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-73", "lang": "en", "description": "CWE-73 External Control of File Name or Path"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T18:05:43.917725Z", "id": "CVE-2026-30284", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:06:58.822Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30284", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T18:05:43.917725Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73 External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T18:06:26.076Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://secsys.fudan.edu.cn/"}, {"url": "https://appcraze.co/"}, {"url": "http://voice.com"}, {"url": "https://github.com/Secsys-FDU/AF_CVEs/issues/25"}], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-31T15:53:32.035Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30284", "state": "PUBLISHED", "dateUpdated": "2026-04-01T18:06:58.822Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-31T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure."}], "id": "CVE-2026-30284", "lastModified": "2026-04-01T19:16:29.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-31T16:16:29.950", "references": [{"source": "cve@mitre.org", "url": "http://voice.com"}, {"source": "cve@mitre.org", "url": "https://appcraze.co/"}, {"source": "cve@mitre.org", "url": "https://github.com/Secsys-FDU/AF_CVEs/issues/25"}, {"source": "cve@mitre.org", "url": "https://secsys.fudan.edu.cn/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-31T17:52:11.552213+00:00", "value": {"mitigation_remediation": ["Apply any vendor\u2011issued patch or update for Voice Recorder.", "If no patch is available, disable the file import feature until a fix is released.", "Restrict import functionality to privileged users and limit network exposure.", "Implement server\u2011side validation to reject file paths that target protected directories.", "Verify the integrity of imported files using checksums or digital signatures."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary File Overwrite"}, "threat_synthesis": {"affected_systems": "UXGROUP LLC Voice Recorder version\u00a010.0 is affected. No other versions or vendors are listed.", "description_and_impact": "The vulnerability allows an attacker to overwrite critical internal files during the file import process. By replacing legitimate files, the attacker may achieve arbitrary code execution or expose sensitive information. The weakness arises from insufficient validation of file paths, permitting unintended file replacement.", "risk_and_exploitability": "The impact can be severe, granting the ability to replace protected files. The likely attack vector is via the import feature, which may be exposed locally or remotely depending on the deployment environment. While CVSS and EPSS scores are not provided, the absence of mitigation from the vendor and the ease of triggering the flaw suggest a high potential for exploitation. The vulnerability is not listed in the CISA KEV catalog, but that does not reduce the risk in environments where the import function is available to untrusted users."}}}}, "created": "2026-03-31T19:56:53.535608+00:00", "title": "Arbitrary File Overwrite in UXGROUP Voice Recorder Enables Code Execution", "updated": "2026-03-31T19:56:53.535634+00:00", "vendors": [], "weaknesses": ["CWE-22", "CWE-788"]}