An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/149867/WiFiRanger-7.0.8rc3-Incorrect-Access-Control-Privilege-Escalation.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/149867/WiFiRanger-7.0.8rc3-Incorrect-Access-Control-Privilege-Escalation.html | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/149867/WiFiRanger-7.0.8rc3-Incorrect-Access-Control-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2018-10-23 21:30
Updated : 2024-11-21 03:55
NVD link : CVE-2018-17873
Mitre link : CVE-2018-17873
CVE.ORG link : CVE-2018-17873
JSON object : View
Products Affected
wifiranger
- wifiranger_firmware
- wifiranger
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource