Vulnerability Details CVE-2018-7539
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088. This can lead to full compromise of the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.191
EPSS Ranking 95.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.8
References
Products affected by CVE-2018-7539
-
cpe:2.3:h:appeartv:xc5000:-
-
cpe:2.3:h:appeartv:xc5100:-
-
cpe:2.3:o:appeartv:xc5000_firmware:3.26.217
-
cpe:2.3:o:appeartv:xc5100_firmware:3.26.217