CVE-2026-30280: Rareprob Video Player RCE Vulnerability

CVE-2026-30280 Overview

An arbitrary file overwrite vulnerability has been identified in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos version 1.0.135. This vulnerability allows attackers to overwrite critical internal files via the file import process, potentially leading to arbitrary code execution or information exposure. The flaw is categorized under CWE-434 (Unrestricted Upload of File with Dangerous Type), indicating improper handling of file uploads during the import functionality.

Critical Impact

Successful exploitation of this vulnerability could allow attackers to overwrite critical application files, leading to arbitrary code execution within the application context or exposure of sensitive user information stored on the Android device.

Affected Products

• Rareprob Video Player version 1.0.135 for Android
• RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135

Discovery Timeline

• 2026-03-31 - CVE-2026-30280 published to NVD
• 2026-04-02 - Last updated in NVD database

Technical Details for CVE-2026-30280

Vulnerability Analysis

This vulnerability affects the file import functionality within the Rareprob Video Player Android application. The application fails to properly validate and sanitize file paths during the import process, allowing an attacker to craft malicious file imports that target arbitrary locations within the application's writable directories.

The vulnerability requires local access and user interaction to exploit. An attacker would need to convince a user to import a specially crafted file, which would then overwrite internal application files. This could include configuration files, cached data, or even executable code paths depending on the application's architecture.

The vulnerability is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type), indicating that the application does not adequately restrict or validate the types and destinations of files being imported. This weakness allows attackers to bypass intended security restrictions on file handling.

Root Cause

The root cause of this vulnerability lies in insufficient input validation during the file import process. The application does not properly sanitize file path components, allowing path traversal sequences or specially crafted filenames to write files to unintended locations. Additionally, there appears to be a lack of proper file type verification, enabling dangerous file types to be processed by the import functionality.

Attack Vector

The attack vector for CVE-2026-30280 is local, requiring an attacker to have some level of access to the target device or to convince the user to import a malicious file. The attack scenario typically involves:

1. An attacker crafts a malicious file designed to exploit the file import vulnerability
2. The victim is socially engineered into importing this file through the Video Player application
3. During the import process, the malicious file overwrites critical internal files
4. Depending on which files are overwritten, this could result in arbitrary code execution when the application next accesses those files, or immediate information disclosure

Technical details regarding the specific exploitation methodology can be found in the GitHub Issue on CVEs published by Secsys at Fudan University.

Detection Methods for CVE-2026-30280

Indicators of Compromise

• Unexpected file modifications within the Rareprob Video Player application data directory
• Unusual file import activities or file access patterns in Android system logs
• Presence of unexpected files in the application's internal storage directories
• Application crashes or unexpected behavior following file import operations

Detection Strategies

• Monitor Android application logs for suspicious file path patterns during import operations
• Implement file integrity monitoring for critical application files to detect unauthorized modifications
• Review device logs for evidence of path traversal attempts (e.g., ../ sequences) in file operations
• Deploy mobile threat detection solutions that can identify abnormal file system activities

Monitoring Recommendations

• Enable verbose logging for file import operations on managed Android devices
• Implement SentinelOne Mobile Threat Defense for real-time monitoring of suspicious application behaviors
• Configure alerts for any file write operations targeting application internal directories from import functions
• Regularly audit installed application versions to identify vulnerable instances of the Video Player app

How to Mitigate CVE-2026-30280

Immediate Actions Required

• Uninstall or disable Rareprob Video Player version 1.0.135 until a patched version is available
• Avoid importing files from untrusted sources into the affected application
• Review installed applications on Android devices for the affected version
• Consider using alternative video player applications that are not affected by this vulnerability

Patch Information

As of the last modification date of 2026-04-02, no official patch information has been released by RAREPROB SOLUTIONS PRIVATE LIMITED. Users should monitor the RareProb Website for security updates and new application versions that address this vulnerability. The security research was conducted by Secsys at Fudan University.

Workarounds

• Restrict file import functionality by only using the application for locally stored, trusted video files
• Implement additional security controls through mobile device management (MDM) solutions to restrict file operations
• Consider application isolation or sandboxing through Android Work Profiles to limit potential impact
• Deploy SentinelOne Singularity Mobile to detect and prevent exploitation attempts on managed devices

# Example: Check for vulnerable application version via ADB
adb shell dumpsys package com.rareprob.videoplayer | grep versionName
# If output shows 1.0.135, the device is vulnerable
# Consider uninstalling: adb uninstall com.rareprob.videoplayer