ID

VAR-201711-0781


CVE

CVE-2017-16249


TITLE

Brother DCP-J132W Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010205

DESCRIPTION

The Debut embedded http server contains a remotely exploitable denial of service: a single malformed HTTP POST request can cause the server to hang for about 300 seconds before it replies with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic. Brother DCP-J132W contains an access control vulnerability. A denial-of-service (DoS) condition may result. Debut embedded http server is an embedded HTTP server. A security vulnerability exists in the Debut embedded http server 1.20 release.

Trust: 2.25

sources: NVD: CVE-2017-16249 // JVNDB: JVNDB-2017-010205 // CNVD: CNVD-2017-37618 // VULHUB: VHN-107152

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-37618

AFFECTED PRODUCTS

vendor: brother, model: dcp-j132w, scope: lte, version: 1.20

Trust: 1.0

vendor: brother industry, model: dcp-j132w, scope: -, version: -

Trust: 0.8

vendor: brother, model: debut embedded http server, scope: eq, version: 1.2

Trust: 0.6

vendor: brother, model: dcp-j132w, scope: eq, version: 1.20

Trust: 0.6

sources: CNVD: CNVD-2017-37618 // JVNDB: JVNDB-2017-010205 // CNNVD: CNNVD-201711-171 // NVD: CVE-2017-16249

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-16249
value: HIGH

Trust: 1.0

NVD: CVE-2017-16249
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-37618
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-171
value: HIGH

Trust: 0.6

VULHUB: VHN-107152
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-16249
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-37618
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-107152
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-16249
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-37618 // VULHUB: VHN-107152 // JVNDB: JVNDB-2017-010205 // CNNVD: CNNVD-201711-171 // NVD: CVE-2017-16249

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-107152 // JVNDB: JVNDB-2017-010205 // NVD: CVE-2017-16249

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-171

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-171

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010205

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-107152

PATCH

title: DCP-J132W, url: http://support.brother.com/g/b/manualtop.aspx?c=eu_ot&lang=en&prod=dcpj132w_eu

Trust: 0.8

sources: JVNDB: JVNDB-2017-010205

EXTERNAL IDS

db: NVD, id: CVE-2017-16249

Trust: 3.1

db: PACKETSTORM, id: 144908

Trust: 2.3

db: EXPLOIT-DB, id: 43119

Trust: 2.3

db: JVNDB, id: JVNDB-2017-010205

Trust: 0.8

db: CNNVD, id: CNNVD-201711-171

Trust: 0.7

db: CNVD, id: CNVD-2017-37618

Trust: 0.6

db: VULHUB, id: VHN-107152

Trust: 0.1

sources: CNVD: CNVD-2017-37618 // VULHUB: VHN-107152 // JVNDB: JVNDB-2017-010205 // CNNVD: CNNVD-201711-171 // NVD: CVE-2017-16249

REFERENCES

url:https://www.trustwave.com/resources/security-advisories/advisories/twsl2017-017/?fid=10211

Trust: 2.5

url:https://www.exploit-db.com/exploits/43119/

Trust: 2.3

url:http://packetstormsecurity.com/files/144908/debut-embedded-httpd-1.20-denial-of-service.html

Trust: 1.7

url:https://www.trustwave.com/resources/spiderlabs-blog/denial-of-service-vulnerability-in-brother-printers/?page=1&year=0&month=0&langtype=1033

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16249

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-16249

Trust: 0.8

url:https://packetstormsecurity.com/files/144908/debut-embedded-httpd-1.20-denial-of-service.html

Trust: 0.6

url:https://www.trustwave.com/resources/spiderlabs-blog/denial-of-service-vulnerability-in-brother-printers/?page=1&year=0&month=0&langtype=1033

Trust: 0.1

sources: CNVD: CNVD-2017-37618 // VULHUB: VHN-107152 // JVNDB: JVNDB-2017-010205 // CNNVD: CNNVD-201711-171 // NVD: CVE-2017-16249

SOURCES

db: CNVD, id: CNVD-2017-37618
db: VULHUB, id: VHN-107152
db: JVNDB, id: JVNDB-2017-010205
db: CNNVD, id: CNNVD-201711-171
db: NVD, id: CVE-2017-16249

LAST UPDATE DATE

2025-04-20T23:42:04.281000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-37618, date: 2017-12-20T00:00:00
db: VULHUB, id: VHN-107152, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-010205, date: 2017-12-07T00:00:00
db: CNNVD, id: CNNVD-201711-171, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-16249, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-37618, date: 2017-12-20T00:00:00
db: VULHUB, id: VHN-107152, date: 2017-11-10T00:00:00
db: JVNDB, id: JVNDB-2017-010205, date: 2017-12-07T00:00:00
db: CNNVD, id: CNNVD-201711-171, date: 2017-10-31T00:00:00
db: NVD, id: CVE-2017-16249, date: 2017-11-10T02:29:18.607