Sign-up

ID

VAR-201704-1536


CVE

CVE-2017-7450


TITLE

AIRTAME HDMI dongle Vulnerabilities related to access control in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-002989

DESCRIPTION

AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time. AIRTAME HDMI dongle There is an access control vulnerability in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. AIRTAME HDMI dongle is a wireless access point product for connecting, sharing and split-screen TV or monitor. A security vulnerability exists in AIRTAME HDMI dongles with firmware versions prior to 2.2.0

Trust: 1.71

sources: NVD: CVE-2017-7450 // JVNDB: JVNDB-2017-002989 // VULHUB: VHN-115653

IOT TAXONOMY

category:['other device']sub_category:general

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:airtamemodel:hdmi donglescope:lteversion:2.1.1

Trust: 1.0

vendor:airtamemodel:hdmi donglescope:ltversion:2.2.0

Trust: 0.8

vendor:airtamemodel:hdmi donglescope:eqversion:2.1.1

Trust: 0.6

sources: JVNDB: JVNDB-2017-002989 // CNNVD: CNNVD-201704-219 // NVD: CVE-2017-7450

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7450
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-7450
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201704-219
value: CRITICAL

Trust: 0.6

VULHUB: VHN-115653
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-7450
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115653
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7450
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115653 // JVNDB: JVNDB-2017-002989 // CNNVD: CNNVD-201704-219 // NVD: CVE-2017-7450

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-115653 // JVNDB: JVNDB-2017-002989 // NVD: CVE-2017-7450

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-219

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201704-219

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002989

PATCH
title:Top Pageurl:https://airtame.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-002989

EXTERNAL IDS
db:NVDid:CVE-2017-7450
Trust: 2.6
db:JVNDBid:JVNDB-2017-002989
Trust: 0.8
db:CNNVDid:CNNVD-201704-219
Trust: 0.7
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-115653
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-115653 // 
            
            
            
            JVNDB: JVNDB-2017-002989 // 
            
            
            
            CNNVD: CNNVD-201704-219 // 
            
            
            
            NVD: CVE-2017-7450

REFERENCES
url:http://cweiske.de/tagebuch/airtame-security.htm
Trust: 2.5
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7450
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-7450
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-115653 // 
            
            
            
            JVNDB: JVNDB-2017-002989 // 
            
            
            
            CNNVD: CNNVD-201704-219 // 
            
            
            
            NVD: CVE-2017-7450

SOURCES
db:OTHERid: - 
db:VULHUBid:VHN-115653
db:JVNDBid:JVNDB-2017-002989
db:CNNVDid:CNNVD-201704-219
db:NVDid:CVE-2017-7450

LAST UPDATE DATE
2025-04-20T20:41:53.723000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-115653date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-002989date:2017-05-10T00:00:00
db:CNNVDid:CNNVD-201704-219date:2019-10-23T00:00:00
db:NVDid:CVE-2017-7450date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-115653date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2017-002989date:2017-05-10T00:00:00
db:CNNVDid:CNNVD-201704-219date:2017-04-11T00:00:00
db:NVDid:CVE-2017-7450date:2017-04-05T23:59:00.203