Vulnerabilities > CVE-2017-17738 - Unspecified vulnerability in Brightsign 4K242 Firmware 6.2.63

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
brightsign
exploit available
NVD
Published: 2017-12-18
Updated: 2019-10-03

Summary

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.

Vulnerable Configurations

Part Description Count
OS
Brightsign
1
Hardware
Brightsign
1

Exploit-Db

descriptionBrightSign Digital Signage - Multiple Vulnerablities. CVE-2017-17737,CVE-2017-17738,CVE-2017-17739. Webapps exploit for Hardware platform
fileexploits/hardware/webapps/43364.txt
idEDB-ID:43364
last seen2017-12-19
modified2017-12-19
platformhardware
port
published2017-12-19
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/43364/
titleBrightSign Digital Signage - Multiple Vulnerablities
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/145489/brightsignds-xsstraversalupload.txt
idPACKETSTORM:145489
last seen2017-12-19
published2017-12-19
reportersingularitysec
sourcehttps://packetstormsecurity.com/files/145489/BrightSign-Digital-Signage-XSS-Traversal-File-Upload.html
titleBrightSign Digital Signage XSS / Traversal / File Upload

References