ID
VAR-E-201712-0169
CVE
| cve_id: | CVE-2017-17737 | Trust: 1.5 |
| cve_id: | CVE-2017-17738 | Trust: 1.5 |
| cve_id: | CVE-2017-17739 | Trust: 1.5 |
EDB ID
43364
TITLE
BrightSign Digital Signage - Multiple Vulnerablities - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
BrightSign Digital Signage - Multiple Vulnerablities. CVE-2017-17739CVE-2017-17738CVE-2017-17737 . webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | brightsign | model: | digital signage | scope: | - | version: | - | Trust: 2.1 |
EXPLOIT
# Exploit Title: BrightSign Digital Signage (Multiple Vulnerabilities)
# Date: 12/15/17
# Exploit Author: singularitysec@gmail.com
# Vectors: XSS, Directory Traversal, File Modification, Information Leakage
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below)
suffers from multiple vulnerabilities.
The pages:
/network_diagnostics.html
/storage_info.html
Suffer from a Cross-Site Scripting vulnerability. The REF parameter for
these pages do not sanitize user input, resulting in arbitrary execution,
token theft and related attacks.
The RP parameter in STORAGE.HTML suffers from a directory
traversal/information leakage weakness:
/storage.html?rp=%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc
Through parameter manipulation, the file system can be traversed,
unauthenticated, allowing for leakage of information and compromise of the
device.
This page also allows for unauthenticated upload of files.
/tools.html
Page allows for unauthenticated rename/manipulation of files.
When combined, these vulnerabilities allow for compromise of both end users
and the device itself.
Ex. A malicious attacker can upload a malicious page of their choosing and
steal credentials, host malicious content or distribute content through the
device, which accepts large format SD cards.
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Multiple Vulnerablities
Trust: 1.6
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | vulnerability | Trust: 0.5 |
| tag: | xss | Trust: 0.5 |
| tag: | file inclusion | Trust: 0.5 |
| tag: | file upload | Trust: 0.5 |
CREDITS
Information Paradox
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 43364 | Trust: 1.6 |
| db: | NVD | id: | CVE-2017-17738 | Trust: 1.5 |
| db: | NVD | id: | CVE-2017-17739 | Trust: 1.5 |
| db: | NVD | id: | CVE-2017-17737 | Trust: 1.5 |
| db: | EDBNET | id: | 95391 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 145489 | Trust: 0.5 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-17739 | Trust: 1.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-17738 | Trust: 1.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-17737 | Trust: 1.5 |
| url: | https://www.exploit-db.com/exploits/43364/ | Trust: 0.6 |
SOURCES
| db: | PACKETSTORM | id: | 145489 |
| db: | EXPLOIT-DB | id: | 43364 |
| db: | EDBNET | id: | 95391 |
LAST UPDATE DATE
2022-07-27T10:00:37.053000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 145489 | date: | 2017-12-19T14:26:57 |
| db: | EXPLOIT-DB | id: | 43364 | date: | 2017-12-19T00:00:00 |
| db: | EDBNET | id: | 95391 | date: | 2017-12-19T00:00:00 |