PT-2017-14640 · Claymore · Claymore Dual Gpu Miner

Tintinweb · Published 2017-12-05 · Updated 2017-12-21 · CVE-2017-16929

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Claymore Dual GPU miner version 10.1

Description: The remote management interface is vulnerable to an authenticated directory traversal issue. This can be exploited by issuing a specially crafted request, allowing a remote attacker to read or write arbitrary files. The issue can be triggered via ../ sequences in the pathname passed to miner_file or miner_getfile.

Recommendations: For Claymore Dual GPU miner version 10.1, consider restricting access to the remote management interface until a fix is available. As a temporary workaround, avoid using the miner_file or miner_getfile parameters in the affected API endpoint to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Path traversal

Weakness Enumeration

Related identifiers

CVE-2017-16929

Affected products

Claymore Dual Gpu Miner