PT-2018-3327 · Wifiranger · Wifiranger

Published: 2018-10-19 · Updated: 2020-08-24 · CVE-2018-17873

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WiFiRanger versions 7.0.8rc3 and earlier
Description: The issue is an incorrect access control vulnerability in the FTP configuration: an attacker with adjacent network access can read the SSH private key and log in to the root account. The vulnerability is also associated with errors in key management, potentially allowing a remote attacker to obtain the SSH key and log in to the system as root.
Recommendations: For WiFiRanger versions 7.0.8rc3 and earlier, consider restricting access to the FTP configuration and SSH Private Key to minimize the risk of exploitation. As a temporary workaround, restrict access to the root account until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2019-04820
CVE-2018-17873

Affected Products

Wifiranger