CVE-2017-17739

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.
References
Link Resource
http://www.information-paradox.net/2017/12/brightsign-multiple-vulnerablities-cve.html Issue Tracking Third Party Advisory
https://www.exploit-db.com/exploits/43364/ Exploit Issue Tracking Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:brightsign:4k242_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:brightsign:4k242:-:*:*:*:*:*:*:*

Information

Published : 2017-12-17 22:29

Updated : 2018-01-04 07:53


NVD link : CVE-2017-17739

Mitre link : CVE-2017-17739


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

brightsign

  • 4k242_firmware
  • 4k242