Описание
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability.
Ссылки
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.30.00.08 (исключая)
Одновременно
cpe:2.3:a:ti:simplelink_cc32xx_software_development_kit:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:ti:cc3120:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3130:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3135:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3220r:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3220s:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3220sf:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3230s:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3230sf:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3235s:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3235sf:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 1.0.1.15-2.15.0.1 (исключая)
Одновременно
cpe:2.3:o:ti:cc3100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3100:-:*:*:*:*:*:*:*
Конфигурация 3Версия до 1.0.1.15-2.15.0.1 (исключая)
Одновременно
cpe:2.3:o:ti:cc3200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3200:-:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.02024
Низкий
5.3 Medium
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-457
CWE-908
Связанные уязвимости
CVSS3: 5.3
github
почти 4 года назад
An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability.
EPSS
Процентиль: 83%
0.02024
Низкий
5.3 Medium
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-457
CWE-908