Overview
- Description
- An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 3.3
- Impact score
- 2.9
- Exploitability score
- 6.5
- Vector string
- AV:A/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-732
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wifiranger:wifiranger_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E01A445C-77FF-49C1-9362-3DFF8D6654D2",
"versionEndIncluding": "7.0.8"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wifiranger:wifiranger:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1EF794B3-0FBD-4CD0-94F9-B78900927D2F"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]