ID

VAR-201704-1432


CVE

CVE-2017-7588


TITLE

Authentication vulnerabilities in multiple Brother device products

Trust: 0.8

sources: JVNDB: JVNDB-2017-003085

DESCRIPTION

On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW, MFC-J4420DW, MFC-8710DW, MFC-J4620DW, MFC-L8850CDW, MFC-J3720, MFC-J6520DW, MFC-L2740DW, MFC-J5910DW, MFC-J6920DW, MFC-L2700DW, MFC-9130CW, MFC-9330CDW, MFC-9340CDW, MFC-J5620DW, MFC-J6720DW, MFC-L8600CDW, MFC-L9550CDW, MFC-L2720DW, DCP-L2540DW, DCP-L2520DW, HL-3140CW, HL-3170CDW, HL-3180CDW, HL-L8350CDW, HL-L2380DW, ADS-2500W, ADS-1000W, ADS-1500W. An authentication vulnerability exists in multiple Brother device products. Information may be obtained or tampered with, and a denial-of-service (DoS) attack may be carried out. Brother MFC-J6973CDW and others are printer products of Brother Industries of Japan. There are security holes in many Brother devices. An attacker could exploit the vulnerability to bypass web authentication. Brother MFC-J6973CDW, etc

Trust: 2.34

sources: NVD: CVE-2017-7588 // JVNDB: JVNDB-2017-003085 // CNVD: CNVD-2017-05030 // VULHUB: VHN-115791 // VULMON: CVE-2017-7588

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-05030

AFFECTED PRODUCTS

vendor: brother, model: mfc, scope: eq, version: -

Trust: 1.6

vendor: brother, model: dcp, scope: eq, version: -

Trust: 1.6

vendor: brother, model: ads, scope: eq, version: -

Trust: 1.6

vendor: brother, model: hl, scope: eq, version: -

Trust: 1.6

vendor: brother industry, model: ads, scope: -, version: -

Trust: 0.8

vendor: brother industry, model: dcp, scope: -, version: -

Trust: 0.8

vendor: brother industry, model: hl, scope: -, version: -

Trust: 0.8

vendor: brother industry, model: mfc, scope: -, version: -

Trust: 0.8

vendor: brother, model: mfc-j6973cdw, scope: -, version: -

Trust: 0.6

vendor: brother, model: ads-1500w, scope: -, version: -

Trust: 0.6

vendor: brother, model: ads-1000w, scope: -, version: -

Trust: 0.6

vendor: brother, model: ads-2500w, scope: -, version: -

Trust: 0.6

vendor: brother, model: hl-l2380dw, scope: -, version: -

Trust: 0.6

vendor: brother, model: hl-l8350cdw, scope: -, version: -

Trust: 0.6

vendor: brother, model: hl-3180cdw, scope: -, version: -

Trust: 0.6

vendor: brother, model: hl-3170cdw, scope: -, version: -

Trust: 0.6

vendor: brother, model: hl-3140cw, scope: -, version: -

Trust: 0.6

vendor: brother, model: dcp-l2520dw, scope: -, version: -

Trust: 0.6

vendor: brother, model: dcp-l2540dw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-l2720dw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-l9550cdw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-l8600cdw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-j6720dw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-j5620dw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-9340cdw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-9330cdw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-9130cw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-l2700dw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-j6920dw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-j5910dw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-l2740dw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-j6520dw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-j3720, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-l8850cdw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-j4620dw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-8710dw, scope: -, version: -

Trust: 0.6

vendor: brother, model: mfc-j4420dw, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2017-05030 // JVNDB: JVNDB-2017-003085 // CNNVD: CNNVD-201704-323 // NVD: CVE-2017-7588

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-7588
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-7588
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-05030
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-323
value: CRITICAL

Trust: 0.6

VULHUB: VHN-115791
value: HIGH

Trust: 0.1

VULMON: CVE-2017-7588
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-7588
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-05030
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-115791
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-7588
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-05030 // VULHUB: VHN-115791 // VULMON: CVE-2017-7588 // JVNDB: JVNDB-2017-003085 // CNNVD: CNNVD-201704-323 // NVD: CVE-2017-7588

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-115791 // JVNDB: JVNDB-2017-003085 // NVD: CVE-2017-7588

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-323

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201704-323

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003085

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-115791 // VULMON: CVE-2017-7588

PATCH

title: Top Page, url: http://www.brother.co.jp/

Trust: 0.8

title: Patch for the authentication bypass vulnerability in multiple Brother devices, url: https://www.cnvd.org.cn/patchInfo/show/92380

Trust: 0.6

sources: CNVD: CNVD-2017-05030 // JVNDB: JVNDB-2017-003085

EXTERNAL IDS

db: NVD, id: CVE-2017-7588

Trust: 3.2

db: CXSECURITY, id: WLB-2017040064

Trust: 3.2

db: EXPLOIT-DB, id: 41863

Trust: 1.2

db: JVNDB, id: JVNDB-2017-003085

Trust: 0.8

db: CNNVD, id: CNNVD-201704-323

Trust: 0.7

db: CNVD, id: CNVD-2017-05030

Trust: 0.6

db: PACKETSTORM, id: 142105

Trust: 0.1

db: VULHUB, id: VHN-115791

Trust: 0.1

db: VULMON, id: CVE-2017-7588

Trust: 0.1

sources: CNVD: CNVD-2017-05030 // VULHUB: VHN-115791 // VULMON: CVE-2017-7588 // JVNDB: JVNDB-2017-003085 // CNNVD: CNNVD-201704-323 // NVD: CVE-2017-7588

REFERENCES

url:https://cxsecurity.com/blad/wlb-2017040064

Trust: 3.2

url:https://www.exploit-db.com/exploits/41863/

Trust: 1.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7588

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7588

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2017-05030 // VULHUB: VHN-115791 // VULMON: CVE-2017-7588 // JVNDB: JVNDB-2017-003085 // CNNVD: CNNVD-201704-323 // NVD: CVE-2017-7588

SOURCES

db: CNVD, id: CNVD-2017-05030
db: VULHUB, id: VHN-115791
db: VULMON, id: CVE-2017-7588
db: JVNDB, id: JVNDB-2017-003085
db: CNNVD, id: CNNVD-201704-323
db: NVD, id: CVE-2017-7588

LAST UPDATE DATE

2025-04-20T23:40:09.521000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-05030, date: 2017-04-22T00:00:00
db: VULHUB, id: VHN-115791, date: 2017-08-16T00:00:00
db: VULMON, id: CVE-2017-7588, date: 2017-08-16T00:00:00
db: JVNDB, id: JVNDB-2017-003085, date: 2017-05-15T00:00:00
db: CNNVD, id: CNNVD-201704-323, date: 2017-04-24T00:00:00
db: NVD, id: CVE-2017-7588, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-05030, date: 2017-04-22T00:00:00
db: VULHUB, id: VHN-115791, date: 2017-04-12T00:00:00
db: VULMON, id: CVE-2017-7588, date: 2017-04-12T00:00:00
db: JVNDB, id: JVNDB-2017-003085, date: 2017-05-15T00:00:00
db: CNNVD, id: CNNVD-201704-323, date: 2017-04-10T00:00:00
db: NVD, id: CVE-2017-7588, date: 2017-04-12T10:59:00.337