- Description
- An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 3.3
- Impact score
- 2.9
- Exploitability score
- 6.5
- Vector string
- AV:A/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-732
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wifiranger:wifiranger_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E01A445C-77FF-49C1-9362-3DFF8D6654D2",
"versionEndIncluding": "7.0.8"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wifiranger:wifiranger:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1EF794B3-0FBD-4CD0-94F9-B78900927D2F"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]