cve/2018/CVE-2018-17873.md

CVE-2018-17873

Description

An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account.

POC

Reference

• http://packetstormsecurity.com/files/149867/WiFiRanger-7.0.8rc3-Incorrect-Access-Control-Privilege-Escalation.html
• http://packetstormsecurity.com/files/149867/WiFiRanger-7.0.8rc3-Incorrect-Access-Control-Privilege-Escalation.html

Github

• https://github.com/0xT11/CVE-POC
• https://github.com/Luct0r/CVE-2018-17873