CVE-2017-17739

Опубликовано: 18 дек. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.

Ссылки

http://www.information-paradox.net/2017/12/brightsign-multiple-vulnerablities-cve.html
Issue Tracking
Third Party Advisory
https://www.exploit-db.com/exploits/43364/
Exploit
Issue Tracking
Third Party Advisory
VDB Entry
http://www.information-paradox.net/2017/12/brightsign-multiple-vulnerablities-cve.html
Issue Tracking
Third Party Advisory
https://www.exploit-db.com/exploits/43364/
Exploit
Issue Tracking
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:brightsign:4k242_firmware:*:*:*:*:*:*:*:*

Версия до 6.2.63 (включая)

cpe:2.3:h:brightsign:4k242:-:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.21264

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-fvj2-pxrc-fhj8