CVE-2017-17738 - The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modify

CVE-2017-17738

Summary

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.

References

Vulnerable Configurations

cpe:2.3:o:brightsign:4k242_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:brightsign:4k242_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:brightsign:4k242:-:*:*:*:*:*:*:*
cpe:2.3:h:brightsign:4k242:-:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:P

refmap via4

exploit-db	43364
misc	http://www.information-paradox.net/2017/12/brightsign-multiple-vulnerablities-cve.html

Last major update

03-10-2019 - 00:03

Published

18-12-2017 - 06:29

Last modified

03-10-2019 - 00:03