Vulnerability Details CVE-2017-18923
beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://beronet.atlassian.net/wiki/spaces/PUB/pages/88768529/Security+Issues
- https://www.heise.de/security/meldung/Angriffe-auf-VoIP-Gateways-von-beroNet-Patch-sorgt-fuer-Sicherheit-3594737.html
- https://beronet.atlassian.net/wiki/spaces/PUB/pages/88768529/Security+Issues
- https://www.heise.de/security/meldung/Angriffe-auf-VoIP-Gateways-von-beroNet-Patch-sorgt-fuer-Sicherheit-3594737.html
Products affected by CVE-2017-18923
-
cpe:2.3:h:beronet:bf16001e1box:-
-
cpe:2.3:h:beronet:bf16001t1box:-
-
cpe:2.3:h:beronet:bf4001e1box:-
-
cpe:2.3:h:beronet:bf4001t1box:-
-
cpe:2.3:h:beronet:bf64002e1box:-
-
cpe:2.3:h:beronet:bf64002t1box:-
-
cpe:2.3:h:beronet:bfsb1s0:-
-
cpe:2.3:h:beronet:bfsb2hy:-
-
cpe:2.3:h:beronet:bfsb2s02xo:-
-
cpe:2.3:h:beronet:bfsb2s0:-
-
cpe:2.3:h:beronet:bfsb4xo4xs:-
-
cpe:2.3:h:beronet:bfsb4xo:-
-
cpe:2.3:h:beronet:bfsb4xs:-
-
cpe:2.3:h:beronet:bn16fxsfax_b:-
-
cpe:2.3:h:beronet:bn16fxsfax_c:-
-
cpe:2.3:o:beronet:voice_over_internet_protocol_gateways_firmware:*