PT-2017-14990 · Liveqos · Superbeam

Published

2017-12-19

Updated

2020-02-04

CVE-2017-17763

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SuperBeam versions prior to 4.1.4

Description The issue concerns the lack of HTTPS or any integrity-protection mechanism for file transfer when using the LAN or WiFi Direct Share feature. This makes it easier for remote attackers to send crafted files. For example, it can be used for APK injection.

Recommendations For versions prior to 4.1.4, update to version 4.1.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the LAN or WiFi Direct Share feature until a patch is applied. Restrict access to the file transfer functionality to minimize the risk of exploitation.

Exploit

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

CVE-2017-17763

Affected Products

Superbeam

PT-2017-14990 · Liveqos · Superbeam

CVE-2017-17763

Weakness Enumeration

Related Identifiers

Affected Products

References · 3