VAR-201712-0915

Vulnerability from variot - Updated: 2025-04-20 23:29

The BrightSign Digital Signage (4k242) device (firmware 6.2.63 and below) has a directory traversal vulnerability via the `rp` parameter of /storage.html, allowing an unauthenticated remote attacker to read or write files on the device. BrightSign Digital Signage (4k242) is a multimedia playback device from BrightSign Corporation of the United States. The directory traversal issue (classified as CWE-22 below) affects BrightSign Digital Signage (4k242) units running firmware 6.2.63 and earlier.

The pages:

/network_diagnostics.html
/storage_info.html

Suffer from a Cross-Site Scripting vulnerability. The REF parameter of these pages is not sanitized, so attacker-controlled input is executed as script in the victim's browser, enabling session-token theft and related attacks.

The device also allows unauthenticated upload of files. (The source text says only "this page" without naming it in this excerpt; presumably it refers to the /storage.html page discussed above — confirm against the linked advisory.)

/tools.html

This page allows unauthenticated renaming and other manipulation of files on the device.

Chained together, these issues allow compromise of both end users (script execution in their browsers via the XSS) and the device itself (arbitrary file read/write via the traversal, plus the unauthenticated upload and rename endpoints). All of them are reachable over the network without credentials (the NVD CVSS v3.0 vector below is AV:N/AC:L/PR:N/UI:N, base score 9.8), so any device on firmware 6.2.63 or earlier whose web interface is reachable should be treated as fully compromisable.

For example, an attacker can upload a page of their choosing to steal credentials, host malicious content, or distribute content through the device, which accepts large-format SD cards. Note that the only patch reference recorded below points at the vendor's legacy "4K Product Line" page rather than a specific fixed firmware build, so operators should confirm that a fixed release exists for their unit and otherwise keep the device's web interface off untrusted networks. The XSS and unauthenticated file-handling issues described here appear to be tracked under separate identifiers (the references list CVE-2017-17737 and CVE-2017-17738 alongside CVE-2017-17739); this entry's CWE-22 classification covers only the directory traversal.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0915",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "4k242",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "brightsign",
        "version": "6.2.63"
      },
      {
        "model": "digital signage",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "brightsign",
        "version": "\u003c=6.2.63"
      },
      {
        "model": "4k242",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "brightsign",
        "version": "6.2.63"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-659"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17739"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:brightsign:4k242_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011556"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "singularitysec",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "145489"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2017-17739",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-17739",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-01363",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-108791",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-17739",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-17739",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-17739",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-01363",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-659",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108791",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011556"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-659"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17739"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. BrightSignDigitalSignage (4k242) is a multimedia playback device from BrightSign Corporation of the United States. A directory traversal vulnerability exists in BrightSignDigitalSignage (4k242) using 6.2.63 and earlier firmware. \n \nThe pages:\n \n/network_diagnostics.html\n/storage_info.html\n \nSuffer from a Cross-Site Scripting vulnerability. The REF parameter for\nthese pages do not sanitize user input, resulting in arbitrary execution,\ntoken theft and related attacks. \n \nThis page also allows for unauthenticated upload of files. \n \n/tools.html\n \nPage allows for unauthenticated rename/manipulation of files. \n \nWhen combined, these vulnerabilities allow for compromise of both end users\nand the device itself. \n \nEx. A malicious attacker can upload a malicious page of their choosing and\nsteal credentials, host malicious content or distribute content through the\ndevice, which accepts large format SD cards",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17739"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011556"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108791"
      },
      {
        "db": "PACKETSTORM",
        "id": "145489"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-108791",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108791"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-17739",
        "trust": 3.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "43364",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011556",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-659",
        "trust": 0.7
      },
      {
        "db": "EXPLOITDB",
        "id": "43364",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01363",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-108791",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "145489",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011556"
      },
      {
        "db": "PACKETSTORM",
        "id": "145489"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-659"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17739"
      }
    ]
  },
  "id": "VAR-201712-0915",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108791"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01363"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:29:30.412000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "4K Product Line",
        "trust": 0.8,
        "url": "https://www.brightsign.biz/digital-signage-products/legacy-products/4k-product-line"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011556"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011556"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17739"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://www.information-paradox.net/2017/12/brightsign-multiple-vulnerablities-cve.html"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/43364/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17739"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17738"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011556"
      },
      {
        "db": "PACKETSTORM",
        "id": "145489"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-659"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17739"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01363"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011556"
      },
      {
        "db": "PACKETSTORM",
        "id": "145489"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-659"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17739"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-01363"
      },
      {
        "date": "2017-12-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108791"
      },
      {
        "date": "2018-01-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011556"
      },
      {
        "date": "2017-12-19T14:26:57",
        "db": "PACKETSTORM",
        "id": "145489"
      },
      {
        "date": "2017-12-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-659"
      },
      {
        "date": "2017-12-18T06:29:00.350000",
        "db": "NVD",
        "id": "CVE-2017-17739"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-01363"
      },
      {
        "date": "2018-01-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108791"
      },
      {
        "date": "2018-01-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011556"
      },
      {
        "date": "2017-12-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-659"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-17739"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-659"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BrightSign Digital Signage Path traversal vulnerability in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011556"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-659"
      }
    ],
    "trust": 0.6
  }
}

