CVE-2018-17873

An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:wifiranger:wifiranger_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wifiranger:wifiranger:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:55

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/149867/WiFiRanger-7.0.8rc3-Incorrect-Access-Control-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/149867/WiFiRanger-7.0.8rc3-Incorrect-Access-Control-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2018-10-23 21:30

Updated : 2024-11-21 03:55


NVD link : CVE-2018-17873

Mitre link : CVE-2018-17873

CVE.ORG link : CVE-2018-17873


JSON object : View

Products Affected

wifiranger

  • wifiranger_firmware
  • wifiranger
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource