Strix
26.1K

CVE-2018-7539

UnknownEPSS 4.28%

Last modified

CVE-2018-7539 is a vulnerability of currently unknown severity. On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088. This can lead to full compromise of the device.. EPSS estimates a 4.28% chance of exploitation in the next 30 days.

Description

On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088. This can lead to full compromise of the device.

Metrics

EPSS Probability
4.28%

89.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AppeartvXc5000 Firmware3.26.217
AppeartvXc5100 Firmware3.26.217

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-7539?
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088. This can lead to full compromise of the device.
How severe is CVE-2018-7539?
Severity scoring for CVE-2018-7539 is pending analysis. The EPSS model estimates a 4.28% probability of exploitation in the next 30 days.
How do I fix CVE-2018-7539?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-7539?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST