ID

VAR-201712-0915


CVE

CVE-2017-17739


TITLE

BrightSign Digital Signage Path traversal vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-011556

DESCRIPTION

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.

BrightSign Digital Signage (4k242) is a multimedia playback device from BrightSign Corporation of the United States. A directory traversal vulnerability exists in BrightSign Digital Signage (4k242) using 6.2.63 and earlier firmware.

The pages /network_diagnostics.html and /storage_info.html suffer from a Cross-Site Scripting vulnerability: the REF parameter for these pages does not sanitize user input, resulting in arbitrary execution, token theft and related attacks. This page also allows for unauthenticated upload of files. The /tools.html page allows for unauthenticated rename/manipulation of files. When combined, these vulnerabilities allow for compromise of both end users and the device itself. For example, a malicious attacker can upload a malicious page of their choosing and steal credentials, host malicious content or distribute content through the device, which accepts large format SD cards.

Trust: 2.34

sources: NVD: CVE-2017-17739 // JVNDB: JVNDB-2017-011556 // CNVD: CNVD-2018-01363 // VULHUB: VHN-108791 // PACKETSTORM: 145489

IOT TAXONOMY

category: ['Network device'] / sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-01363

AFFECTED PRODUCTS

vendor: brightsign / model: 4k242 / scope: lte / version: 6.2.63

Trust: 1.8

vendor: brightsign / model: digital signage / scope: lte / version: <=6.2.63

Trust: 0.6

vendor: brightsign / model: 4k242 / scope: eq / version: 6.2.63

Trust: 0.6

sources: CNVD: CNVD-2018-01363 // JVNDB: JVNDB-2017-011556 // CNNVD: CNNVD-201712-659 // NVD: CVE-2017-17739

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17739
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-17739
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-01363
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201712-659
value: HIGH

Trust: 0.6

VULHUB: VHN-108791
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-17739
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-01363
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-108791
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17739
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-01363 // VULHUB: VHN-108791 // JVNDB: JVNDB-2017-011556 // CNNVD: CNNVD-201712-659 // NVD: CVE-2017-17739

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-108791 // JVNDB: JVNDB-2017-011556 // NVD: CVE-2017-17739

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-659

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201712-659

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011556

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-108791

PATCH

title: 4K Product Line / url: https://www.brightsign.biz/digital-signage-products/legacy-products/4k-product-line

Trust: 0.8

sources: JVNDB: JVNDB-2017-011556

EXTERNAL IDS

db: NVD / id: CVE-2017-17739

Trust: 3.2

db: EXPLOIT-DB / id: 43364

Trust: 1.1

db: JVNDB / id: JVNDB-2017-011556

Trust: 0.8

db: CNNVD / id: CNNVD-201712-659

Trust: 0.7

db: EXPLOITDB / id: 43364

Trust: 0.6

db: CNVD / id: CNVD-2018-01363

Trust: 0.6

db: VULHUB / id: VHN-108791

Trust: 0.1

db: PACKETSTORM / id: 145489

Trust: 0.1

sources: CNVD: CNVD-2018-01363 // VULHUB: VHN-108791 // JVNDB: JVNDB-2017-011556 // PACKETSTORM: 145489 // CNNVD: CNNVD-201712-659 // NVD: CVE-2017-17739

REFERENCES

url: http://www.information-paradox.net/2017/12/brightsign-multiple-vulnerablities-cve.html

Trust: 3.1

url: https://www.exploit-db.com/exploits/43364/

Trust: 1.1

url: https://nvd.nist.gov/vuln/detail/cve-2017-17739

Trust: 0.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17739

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-17737

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2017-17738

Trust: 0.1

sources: CNVD: CNVD-2018-01363 // VULHUB: VHN-108791 // JVNDB: JVNDB-2017-011556 // PACKETSTORM: 145489 // CNNVD: CNNVD-201712-659 // NVD: CVE-2017-17739

CREDITS

singularitysec

Trust: 0.1

sources: PACKETSTORM: 145489

SOURCES

db: CNVD / id: CNVD-2018-01363
db: VULHUB / id: VHN-108791
db: JVNDB / id: JVNDB-2017-011556
db: PACKETSTORM / id: 145489
db: CNNVD / id: CNNVD-201712-659
db: NVD / id: CVE-2017-17739

LAST UPDATE DATE

2025-04-20T23:29:30.412000+00:00


SOURCES UPDATE DATE

db: CNVD / id: CNVD-2018-01363 / date: 2018-01-19T00:00:00
db: VULHUB / id: VHN-108791 / date: 2018-01-04T00:00:00
db: JVNDB / id: JVNDB-2017-011556 / date: 2018-01-18T00:00:00
db: CNNVD / id: CNNVD-201712-659 / date: 2017-12-19T00:00:00
db: NVD / id: CVE-2017-17739 / date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD / id: CNVD-2018-01363 / date: 2018-01-19T00:00:00
db: VULHUB / id: VHN-108791 / date: 2017-12-18T00:00:00
db: JVNDB / id: JVNDB-2017-011556 / date: 2018-01-18T00:00:00
db: PACKETSTORM / id: 145489 / date: 2017-12-19T14:26:57
db: CNNVD / id: CNNVD-201712-659 / date: 2017-12-19T00:00:00
db: NVD / id: CVE-2017-17739 / date: 2017-12-18T06:29:00.350