CVE-2017-16885

Published: Jan 12, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc.

Affected (1)

Products: Fiberhome: Lm53q1 Firmware

1 product

Lm53q1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Fiberhome Lm53q1 Firmware	Version vh519r05c01s38

Running on/with	Platform Versions
Fiberhome Lm53q1	All versions

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

http://seclists.org/fulldisclosure/2018/Jan/28

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://www.exploit-db.com/exploits/43460/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2018/Jan/28

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.exploit-db.com/exploits/43460/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.