VAR-201712-0914
Vulnerability from variot - Updated: 2025-04-20 23:29The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. An attacker could exploit this vulnerability by using the /tools.html web page to rename and modify files.
The pages:
/network_diagnostics.html /storage_info.html
Suffer from a Cross-Site Scripting vulnerability. The REF parameter for these pages do not sanitize user input, resulting in arbitrary execution, token theft and related attacks.
The RP parameter in STORAGE.HTML suffers from a directory traversal/information leakage weakness: /storage.html?rp=%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc
Through parameter manipulation, the file system can be traversed, unauthenticated, allowing for leakage of information and compromise of the device.
This page also allows for unauthenticated upload of files.
/tools.html
Page allows for unauthenticated rename/manipulation of files.
When combined, these vulnerabilities allow for compromise of both end users and the device itself.
Ex. A malicious attacker can upload a malicious page of their choosing and steal credentials, host malicious content or distribute content through the device, which accepts large format SD cards
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0914",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "4k242",
"scope": "lte",
"trust": 1.8,
"vendor": "brightsign",
"version": "6.2.63"
},
{
"model": "4k242",
"scope": "eq",
"trust": 0.6,
"vendor": "brightsign",
"version": "6.2.63"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011555"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-660"
},
{
"db": "NVD",
"id": "CVE-2017-17738"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:brightsign:4k242_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011555"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "singularitysec",
"sources": [
{
"db": "PACKETSTORM",
"id": "145489"
}
],
"trust": 0.1
},
"cve": "CVE-2017-17738",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-17738",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-108790",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-17738",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17738",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-17738",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-660",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-108790",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108790"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011555"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-660"
},
{
"db": "NVD",
"id": "CVE-2017-17738"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. An attacker could exploit this vulnerability by using the /tools.html web page to rename and modify files. \n \nThe pages:\n \n/network_diagnostics.html\n/storage_info.html\n \nSuffer from a Cross-Site Scripting vulnerability. The REF parameter for\nthese pages do not sanitize user input, resulting in arbitrary execution,\ntoken theft and related attacks. \n \n \n \nThe RP parameter in STORAGE.HTML suffers from a directory\ntraversal/information leakage weakness:\n/storage.html?rp=%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc\n \nThrough parameter manipulation, the file system can be traversed,\nunauthenticated, allowing for leakage of information and compromise of the\ndevice. \n \nThis page also allows for unauthenticated upload of files. \n \n/tools.html\n \nPage allows for unauthenticated rename/manipulation of files. \n \nWhen combined, these vulnerabilities allow for compromise of both end users\nand the device itself. \n \nEx. A malicious attacker can upload a malicious page of their choosing and\nsteal credentials, host malicious content or distribute content through the\ndevice, which accepts large format SD cards",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17738"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011555"
},
{
"db": "VULHUB",
"id": "VHN-108790"
},
{
"db": "PACKETSTORM",
"id": "145489"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-108790",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108790"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17738",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "43364",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011555",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-660",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-108790",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145489",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108790"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011555"
},
{
"db": "PACKETSTORM",
"id": "145489"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-660"
},
{
"db": "NVD",
"id": "CVE-2017-17738"
}
]
},
"id": "VAR-201712-0914",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-108790"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:29:30.383000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "4K Product Line",
"trust": 0.8,
"url": "https://www.brightsign.biz/digital-signage-products/legacy-products/4k-product-line"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011555"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108790"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011555"
},
{
"db": "NVD",
"id": "CVE-2017-17738"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.information-paradox.net/2017/12/brightsign-multiple-vulnerablities-cve.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/43364/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17738"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17738"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17737"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108790"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011555"
},
{
"db": "PACKETSTORM",
"id": "145489"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-660"
},
{
"db": "NVD",
"id": "CVE-2017-17738"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-108790"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011555"
},
{
"db": "PACKETSTORM",
"id": "145489"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-660"
},
{
"db": "NVD",
"id": "CVE-2017-17738"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-108790"
},
{
"date": "2018-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011555"
},
{
"date": "2017-12-19T14:26:57",
"db": "PACKETSTORM",
"id": "145489"
},
{
"date": "2017-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-660"
},
{
"date": "2017-12-18T06:29:00.317000",
"db": "NVD",
"id": "CVE-2017-17738"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-108790"
},
{
"date": "2018-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011555"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-660"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-17738"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-660"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BrightSign Digital Signage Vulnerability related to authorization, authority, and access control in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011555"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-660"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…