CVE-2017-13664

Опубликовано: 01 дек. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file.

Ссылки

https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/
Exploit
Third Party Advisory
https://poppopretn.com/2017/11/30/public-disclosure-firmware-vulnerabilities-in-ismartalarm-cubeone/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ismartalarm:cubeone_firmware:*:*:*:*:*:*:*:*

Версия до 2.2.4.8 (включая)

cpe:2.3:h:ismartalarm:cubeone:-:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00557

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-3qxm-jwhr-5pv2