PT-2017-14977 · Brightsign · Brightsign Digital Signage

Singularitysec

Published

2017-12-18

Updated

2018-01-04

CVE-2017-17737

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions BrightSign Digital Signage (4k242) device versions 6.2.63 and below

Description The issue concerns a problem where an attacker can execute malicious scripts. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided. Technical details about exploitation include the API endpoint /network diagnostics.html or /storage info.html, and the vulnerable parameter REF.

Recommendations For versions 6.2.63 and below, avoid using the REF parameter in the affected API endpoints /network diagnostics.html and /storage info.html until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-17737

Affected Products

Brightsign Digital Signage

PT-2017-14977 · Brightsign · Brightsign Digital Signage

CVE-2017-17737

Weakness Enumeration

Related Identifiers

Affected Products

References · 4