Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    7 vulnerabilities by BrightSign

    CVE-2025-54756 (GCVE-0-2025-54756)

    Vulnerability from nvd – Published: 2026-02-12 16:34 – Updated: 2026-02-12 18:45
    VLAI
    Title
    BrightSign Players Use of Default Credentials
    Summary
    BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are encouraged to change all default passwords.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Adam Merrill, a member of the Adversarial Modeling and Penetration Testing (AMPT) team at Sandia National Laboratories, reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54756",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-12T18:44:52.091544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-12T18:45:20.986Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BrightSign OS series 4 players",
              "vendor": "BrightSign",
              "versions": [
                {
                  "lessThan": "v8.5.53.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BrightSign OS series 5 players",
              "vendor": "BrightSign",
              "versions": [
                {
                  "lessThan": "v9.0.166",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Adam Merrill, a member of the Adversarial Modeling and Penetration Testing (AMPT) team at Sandia National Laboratories, reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or \nseries 5 prior to v9.0.166 use a default password that is guessable with\n knowledge of the device information. The latest release fixes this \nissue for new installations; users of old installations are encouraged \nto change all default passwords."
                }
              ],
              "value": "BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or \nseries 5 prior to v9.0.166 use a default password that is guessable with\n knowledge of the device information. The latest release fixes this \nissue for new installations; users of old installations are encouraged \nto change all default passwords."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-12T16:35:09.037Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-126-03"
            },
            {
              "url": "https://www.brightsign.biz/resources/software-downloads/"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-126-03.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\n\u003c/div\u003e\nBrightSign fixed CVE-2025-54756 in v8.5.53.1 (for \nseries 4 players) and v9.0.166 (for series 5 players). Both of these \nhave been released and are available on the BrightSign download site.\n\n\u003cdiv\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.brightsign.biz/contact-us/\"\u003e\u003c/a\u003e\n\n\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "BrightSign fixed CVE-2025-54756 in v8.5.53.1 (for \nseries 4 players) and v9.0.166 (for series 5 players). Both of these \nhave been released and are available on the BrightSign download site.\n\n  https://www.brightsign.biz/contact-us/"
            }
          ],
          "source": {
            "advisory": "ICSA-25-126-03",
            "discovery": "EXTERNAL"
          },
          "title": "BrightSign Players Use of Default Credentials",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBrightSign recommends the following security practices:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eChange default passwords when the device is initially set up.\u003c/li\u003e\n\u003cli\u003eDisable the local DWS as described in \"High Security settings\".\u003c/li\u003e\n\u003cli\u003eDisable the SSH/telnet server when not being used - it is not enabled by default.\u003c/li\u003e\n\u003cli\u003eDevices should be located where an attacker does not have physical access to the device.\u003c/li\u003e\n\u003cli\u003eSD and USB ports can be disabled if not needed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.brightsign.biz/contact-us/\"\u003econtact BrightSign via their website.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "BrightSign recommends the following security practices:\n\n\n\n  *  Change default passwords when the device is initially set up.\n\n  *  Disable the local DWS as described in \"High Security settings\".\n\n  *  Disable the SSH/telnet server when not being used - it is not enabled by default.\n\n  *  Devices should be located where an attacker does not have physical access to the device.\n\n  *  SD and USB ports can be disabled if not needed.\n\n\n\n\nFor more information, please  contact BrightSign via their website. https://www.brightsign.biz/contact-us/"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-54756",
        "datePublished": "2026-02-12T16:34:18.821Z",
        "dateReserved": "2025-07-30T19:03:10.145Z",
        "dateUpdated": "2026-02-12T18:45:20.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-3925 (GCVE-0-2025-3925)

    Vulnerability from nvd – Published: 2025-05-07 20:18 – Updated: 2025-05-08 14:04
    VLAI
    Title
    BrightSign Players Execution with Unnecessary Privileges
    Summary
    BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Adam Merrill, a member of the Adversarial Modeling and Penetration Testing (AMPT) team at Sandia National Laboratories, reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3925",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T14:04:41.859977Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-08T14:04:48.853Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BrightSign OS series 4 players",
              "vendor": "BrightSign",
              "versions": [
                {
                  "lessThan": "v8.5.53.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BrightSign OS series 5 players",
              "vendor": "BrightSign",
              "versions": [
                {
                  "lessThan": "v9.0.166",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Adam Merrill, a member of the Adversarial Modeling and Penetration Testing (AMPT) team at Sandia National Laboratories, reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or \nseries 5 prior to v9.0.166 contain an execution with unnecessary \nprivileges vulnerability, allowing for privilege escalation on the \ndevice once code execution has been obtained."
                }
              ],
              "value": "BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or \nseries 5 prior to v9.0.166 contain an execution with unnecessary \nprivileges vulnerability, allowing for privilege escalation on the \ndevice once code execution has been obtained."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T20:18:22.457Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-126-03"
            },
            {
              "url": "https://www.brightsign.biz/resources/software-downloads/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\nBrightSign fixed \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.cve.org/CVERecord?id=CVE-2025-3925\"\u003eCVE-2025-3925\u003c/a\u003e in v8.5.53.1 (for series 4 players) and v9.0.166 (for series 5 players). Both of these have been released and available on the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.brightsign.biz/resources/software-downloads/\"\u003eBrightSign download site.\u003c/a\u003e \u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\nFor more information, please \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.brightsign.biz/contact-us/\"\u003econtact BrightSign via their website.\u003c/a\u003e\n\n\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "BrightSign fixed  CVE-2025-3925 https://www.cve.org/CVERecord  in v8.5.53.1 (for series 4 players) and v9.0.166 (for series 5 players). Both of these have been released and available on the  BrightSign download site. https://www.brightsign.biz/resources/software-downloads/  \n\n\n\nFor more information, please  contact BrightSign via their website. https://www.brightsign.biz/contact-us/"
            }
          ],
          "source": {
            "advisory": "ICSA-25-126-03",
            "discovery": "EXTERNAL"
          },
          "title": "BrightSign Players Execution with Unnecessary Privileges",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBrightSign recommends the following security practices:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eChange default passwords when the device is initially set up.\u003c/li\u003e\n\u003cli\u003eDisable the local DWS as described in \"High Security settings\".\u003c/li\u003e\n\u003cli\u003eDisable the SSH/telnet server when not being used - it is not enabled by default.\u003c/li\u003e\n\u003cli\u003eDevices should be located where an attacker does not have physical access to the device.\u003c/li\u003e\n\u003cli\u003eSD and USB ports can be disabled if not needed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.brightsign.biz/contact-us/\"\u003econtact BrightSign via their website.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "BrightSign recommends the following security practices:\n\n\n\n  *  Change default passwords when the device is initially set up.\n\n  *  Disable the local DWS as described in \"High Security settings\".\n\n  *  Disable the SSH/telnet server when not being used - it is not enabled by default.\n\n  *  Devices should be located where an attacker does not have physical access to the device.\n\n  *  SD and USB ports can be disabled if not needed.\n\n\n\n\nFor more information, please  contact BrightSign via their website. https://www.brightsign.biz/contact-us/"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-3925",
        "datePublished": "2025-05-07T20:18:22.457Z",
        "dateReserved": "2025-04-24T17:54:29.059Z",
        "dateUpdated": "2025-05-08T14:04:48.853Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-54756 (GCVE-0-2025-54756)

    Vulnerability from cvelistv5 – Published: 2026-02-12 16:34 – Updated: 2026-02-12 18:45
    VLAI
    Title
    BrightSign Players Use of Default Credentials
    Summary
    BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are encouraged to change all default passwords.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Adam Merrill, a member of the Adversarial Modeling and Penetration Testing (AMPT) team at Sandia National Laboratories, reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54756",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-12T18:44:52.091544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-12T18:45:20.986Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BrightSign OS series 4 players",
              "vendor": "BrightSign",
              "versions": [
                {
                  "lessThan": "v8.5.53.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BrightSign OS series 5 players",
              "vendor": "BrightSign",
              "versions": [
                {
                  "lessThan": "v9.0.166",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Adam Merrill, a member of the Adversarial Modeling and Penetration Testing (AMPT) team at Sandia National Laboratories, reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or \nseries 5 prior to v9.0.166 use a default password that is guessable with\n knowledge of the device information. The latest release fixes this \nissue for new installations; users of old installations are encouraged \nto change all default passwords."
                }
              ],
              "value": "BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or \nseries 5 prior to v9.0.166 use a default password that is guessable with\n knowledge of the device information. The latest release fixes this \nissue for new installations; users of old installations are encouraged \nto change all default passwords."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-12T16:35:09.037Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-126-03"
            },
            {
              "url": "https://www.brightsign.biz/resources/software-downloads/"
            },
            {
              "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-126-03.json"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\n\u003c/div\u003e\nBrightSign fixed CVE-2025-54756 in v8.5.53.1 (for \nseries 4 players) and v9.0.166 (for series 5 players). Both of these \nhave been released and are available on the BrightSign download site.\n\n\u003cdiv\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.brightsign.biz/contact-us/\"\u003e\u003c/a\u003e\n\n\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "BrightSign fixed CVE-2025-54756 in v8.5.53.1 (for \nseries 4 players) and v9.0.166 (for series 5 players). Both of these \nhave been released and are available on the BrightSign download site.\n\n  https://www.brightsign.biz/contact-us/"
            }
          ],
          "source": {
            "advisory": "ICSA-25-126-03",
            "discovery": "EXTERNAL"
          },
          "title": "BrightSign Players Use of Default Credentials",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBrightSign recommends the following security practices:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eChange default passwords when the device is initially set up.\u003c/li\u003e\n\u003cli\u003eDisable the local DWS as described in \"High Security settings\".\u003c/li\u003e\n\u003cli\u003eDisable the SSH/telnet server when not being used - it is not enabled by default.\u003c/li\u003e\n\u003cli\u003eDevices should be located where an attacker does not have physical access to the device.\u003c/li\u003e\n\u003cli\u003eSD and USB ports can be disabled if not needed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.brightsign.biz/contact-us/\"\u003econtact BrightSign via their website.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "BrightSign recommends the following security practices:\n\n\n\n  *  Change default passwords when the device is initially set up.\n\n  *  Disable the local DWS as described in \"High Security settings\".\n\n  *  Disable the SSH/telnet server when not being used - it is not enabled by default.\n\n  *  Devices should be located where an attacker does not have physical access to the device.\n\n  *  SD and USB ports can be disabled if not needed.\n\n\n\n\nFor more information, please  contact BrightSign via their website. https://www.brightsign.biz/contact-us/"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-54756",
        "datePublished": "2026-02-12T16:34:18.821Z",
        "dateReserved": "2025-07-30T19:03:10.145Z",
        "dateUpdated": "2026-02-12T18:45:20.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-3925 (GCVE-0-2025-3925)

    Vulnerability from cvelistv5 – Published: 2025-05-07 20:18 – Updated: 2025-05-08 14:04
    VLAI
    Title
    BrightSign Players Execution with Unnecessary Privileges
    Summary
    BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Adam Merrill, a member of the Adversarial Modeling and Penetration Testing (AMPT) team at Sandia National Laboratories, reported this vulnerability to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3925",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T14:04:41.859977Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-08T14:04:48.853Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BrightSign OS series 4 players",
              "vendor": "BrightSign",
              "versions": [
                {
                  "lessThan": "v8.5.53.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BrightSign OS series 5 players",
              "vendor": "BrightSign",
              "versions": [
                {
                  "lessThan": "v9.0.166",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Adam Merrill, a member of the Adversarial Modeling and Penetration Testing (AMPT) team at Sandia National Laboratories, reported this vulnerability to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or \nseries 5 prior to v9.0.166 contain an execution with unnecessary \nprivileges vulnerability, allowing for privilege escalation on the \ndevice once code execution has been obtained."
                }
              ],
              "value": "BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or \nseries 5 prior to v9.0.166 contain an execution with unnecessary \nprivileges vulnerability, allowing for privilege escalation on the \ndevice once code execution has been obtained."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T20:18:22.457Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-126-03"
            },
            {
              "url": "https://www.brightsign.biz/resources/software-downloads/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\nBrightSign fixed \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.cve.org/CVERecord?id=CVE-2025-3925\"\u003eCVE-2025-3925\u003c/a\u003e in v8.5.53.1 (for series 4 players) and v9.0.166 (for series 5 players). Both of these have been released and available on the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.brightsign.biz/resources/software-downloads/\"\u003eBrightSign download site.\u003c/a\u003e \u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\nFor more information, please \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.brightsign.biz/contact-us/\"\u003econtact BrightSign via their website.\u003c/a\u003e\n\n\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "BrightSign fixed  CVE-2025-3925 https://www.cve.org/CVERecord  in v8.5.53.1 (for series 4 players) and v9.0.166 (for series 5 players). Both of these have been released and available on the  BrightSign download site. https://www.brightsign.biz/resources/software-downloads/  \n\n\n\nFor more information, please  contact BrightSign via their website. https://www.brightsign.biz/contact-us/"
            }
          ],
          "source": {
            "advisory": "ICSA-25-126-03",
            "discovery": "EXTERNAL"
          },
          "title": "BrightSign Players Execution with Unnecessary Privileges",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBrightSign recommends the following security practices:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eChange default passwords when the device is initially set up.\u003c/li\u003e\n\u003cli\u003eDisable the local DWS as described in \"High Security settings\".\u003c/li\u003e\n\u003cli\u003eDisable the SSH/telnet server when not being used - it is not enabled by default.\u003c/li\u003e\n\u003cli\u003eDevices should be located where an attacker does not have physical access to the device.\u003c/li\u003e\n\u003cli\u003eSD and USB ports can be disabled if not needed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.brightsign.biz/contact-us/\"\u003econtact BrightSign via their website.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "BrightSign recommends the following security practices:\n\n\n\n  *  Change default passwords when the device is initially set up.\n\n  *  Disable the local DWS as described in \"High Security settings\".\n\n  *  Disable the SSH/telnet server when not being used - it is not enabled by default.\n\n  *  Devices should be located where an attacker does not have physical access to the device.\n\n  *  SD and USB ports can be disabled if not needed.\n\n\n\n\nFor more information, please  contact BrightSign via their website. https://www.brightsign.biz/contact-us/"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-3925",
        "datePublished": "2025-05-07T20:18:22.457Z",
        "dateReserved": "2025-04-24T17:54:29.059Z",
        "dateUpdated": "2025-05-08T14:04:48.853Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201712-0914

    Vulnerability from variot - Updated: 2023-12-18 12:02

    The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. An attacker could exploit this vulnerability by using the /tools.html web page to rename and modify files.

    The pages:

    /network_diagnostics.html /storage_info.html

    Suffer from a Cross-Site Scripting vulnerability. The REF parameter for these pages do not sanitize user input, resulting in arbitrary execution, token theft and related attacks.

    The RP parameter in STORAGE.HTML suffers from a directory traversal/information leakage weakness: /storage.html?rp=%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc

    Through parameter manipulation, the file system can be traversed, unauthenticated, allowing for leakage of information and compromise of the device.

    This page also allows for unauthenticated upload of files.

    /tools.html

    Page allows for unauthenticated rename/manipulation of files.

    When combined, these vulnerabilities allow for compromise of both end users and the device itself.

    Ex. A malicious attacker can upload a malicious page of their choosing and steal credentials, host malicious content or distribute content through the device, which accepts large format SD cards

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0914",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "4k242",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "brightsign",
            "version": "6.2.63"
          },
          {
            "model": "4k242",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "brightsign",
            "version": "6.2.63"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-660"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:brightsign:4k242_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "6.2.63",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:brightsign:4k242:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17738"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "singularitysec",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "145489"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2017-17738",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.4,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-17738",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-108790",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-17738",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-17738",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201712-660",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-108790",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108790"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-660"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. An attacker could exploit this vulnerability by using the /tools.html web page to rename and modify files. \n \nThe pages:\n \n/network_diagnostics.html\n/storage_info.html\n \nSuffer from a Cross-Site Scripting vulnerability. The REF parameter for\nthese pages do not sanitize user input, resulting in arbitrary execution,\ntoken theft and related attacks. \n \n \n \nThe RP parameter in STORAGE.HTML suffers from a directory\ntraversal/information leakage weakness:\n/storage.html?rp=%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc\n \nThrough parameter manipulation, the file system can be traversed,\nunauthenticated, allowing for leakage of information and compromise of the\ndevice. \n \nThis page also allows for unauthenticated upload of files. \n \n/tools.html\n \nPage allows for unauthenticated rename/manipulation of files. \n \nWhen combined, these vulnerabilities allow for compromise of both end users\nand the device itself. \n \nEx. A malicious attacker can upload a malicious page of their choosing and\nsteal credentials, host malicious content or distribute content through the\ndevice, which accepts large format SD cards",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17738"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108790"
          },
          {
            "db": "PACKETSTORM",
            "id": "145489"
          }
        ],
        "trust": 1.8
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-108790",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108790"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17738",
            "trust": 2.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "43364",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-660",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-108790",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145489",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108790"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "PACKETSTORM",
            "id": "145489"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-660"
          }
        ]
      },
      "id": "VAR-201712-0914",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108790"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:02:54.589000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "4K Product Line",
            "trust": 0.8,
            "url": "https://www.brightsign.biz/digital-signage-products/legacy-products/4k-product-line"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108790"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17738"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.information-paradox.net/2017/12/brightsign-multiple-vulnerablities-cve.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.exploit-db.com/exploits/43364/"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17738"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17738"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17739"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17737"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108790"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "PACKETSTORM",
            "id": "145489"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-660"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-108790"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "PACKETSTORM",
            "id": "145489"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17738"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-660"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108790"
          },
          {
            "date": "2018-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "date": "2017-12-19T14:26:57",
            "db": "PACKETSTORM",
            "id": "145489"
          },
          {
            "date": "2017-12-18T06:29:00.317000",
            "db": "NVD",
            "id": "CVE-2017-17738"
          },
          {
            "date": "2017-12-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-660"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108790"
          },
          {
            "date": "2018-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2017-17738"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-660"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-660"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BrightSign Digital Signage Vulnerability related to authorization, authority, and access control in device firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-660"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201712-0913

    Vulnerability from variot - Updated: 2023-12-18 12:02

    The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. BrightSign Digital Signage (4k242) is a set of digital signage multimedia player equipment from BrightSign Company in the United States. A remote attacker could use this vulnerability to execute code by sending a 'REF' parameter to the /network_diagnostics.html or /storage_info.html webpage to execute code and steal tokens.

    The pages:

    /network_diagnostics.html /storage_info.html

    Suffer from a Cross-Site Scripting vulnerability. The REF parameter for these pages do not sanitize user input, resulting in arbitrary execution, token theft and related attacks.

    The RP parameter in STORAGE.HTML suffers from a directory traversal/information leakage weakness: /storage.html?rp=%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc

    Through parameter manipulation, the file system can be traversed, unauthenticated, allowing for leakage of information and compromise of the device.

    This page also allows for unauthenticated upload of files.

    /tools.html

    Page allows for unauthenticated rename/manipulation of files.

    When combined, these vulnerabilities allow for compromise of both end users and the device itself.

    Ex. A malicious attacker can upload a malicious page of their choosing and steal credentials, host malicious content or distribute content through the device, which accepts large format SD cards

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0913",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "4k242",
            "scope": "lte",
            "trust": 3.4,
            "vendor": "brightsign",
            "version": "6.2.63"
          },
          {
            "model": "digital signage",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "brightsign",
            "version": "\u003c=6.2.63"
          },
          {
            "model": "4k242",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "brightsign",
            "version": "6.2.63"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011554"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17737"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-661"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:brightsign:4k242_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "6.2.63",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:brightsign:4k242:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17737"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "singularitysec",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "145489"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2017-17737",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-17737",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.4,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-17737",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-17737",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2018-01361",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-108789",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-17737",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-17737",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2017-17737",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-17737",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-17737",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-17737",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-01361",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201712-661",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-108789",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01361"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108789"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011554"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17737"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-661"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. BrightSign Digital Signage (4k242) is a set of digital signage multimedia player equipment from BrightSign Company in the United States. A remote attacker could use this vulnerability to execute code by sending a \u0027REF\u0027 parameter to the /network_diagnostics.html or /storage_info.html webpage to execute code and steal tokens. \n \nThe pages:\n \n/network_diagnostics.html\n/storage_info.html\n \nSuffer from a Cross-Site Scripting vulnerability. The REF parameter for\nthese pages do not sanitize user input, resulting in arbitrary execution,\ntoken theft and related attacks. \n \n \n \nThe RP parameter in STORAGE.HTML suffers from a directory\ntraversal/information leakage weakness:\n/storage.html?rp=%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc\n \nThrough parameter manipulation, the file system can be traversed,\nunauthenticated, allowing for leakage of information and compromise of the\ndevice. \n \nThis page also allows for unauthenticated upload of files. \n \n/tools.html\n \nPage allows for unauthenticated rename/manipulation of files. \n \nWhen combined, these vulnerabilities allow for compromise of both end users\nand the device itself. \n \nEx. A malicious attacker can upload a malicious page of their choosing and\nsteal credentials, host malicious content or distribute content through the\ndevice, which accepts large format SD cards",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17737"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011554"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-01361"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108789"
          },
          {
            "db": "PACKETSTORM",
            "id": "145489"
          }
        ],
        "trust": 3.78
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-108789",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108789"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17737",
            "trust": 4.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "43364",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011554",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-661",
            "trust": 0.7
          },
          {
            "db": "EXPLOITDB",
            "id": "43364",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-01361",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "145489",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-108789",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01361"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108789"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011554"
          },
          {
            "db": "PACKETSTORM",
            "id": "145489"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17737"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-661"
          }
        ]
      },
      "id": "VAR-201712-0913",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01361"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108789"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01361"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:02:54.547000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "4K Product Line",
            "trust": 2.4,
            "url": "https://www.brightsign.biz/digital-signage-products/legacy-products/4k-product-line"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011554"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-22",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108789"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011554"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17737"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.7,
            "url": "http://www.information-paradox.net/2017/12/brightsign-multiple-vulnerablities-cve.html"
          },
          {
            "trust": 1.7,
            "url": "https://www.exploit-db.com/exploits/43364/"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17739"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17738"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17737"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17739"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17738"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17737"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01361"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108789"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011554"
          },
          {
            "db": "PACKETSTORM",
            "id": "145489"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17737"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-661"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01361"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108789"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011554"
          },
          {
            "db": "PACKETSTORM",
            "id": "145489"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17737"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-661"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-01361"
          },
          {
            "date": "2017-12-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108789"
          },
          {
            "date": "2018-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "date": "2018-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "date": "2018-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011554"
          },
          {
            "date": "2017-12-19T14:26:57",
            "db": "PACKETSTORM",
            "id": "145489"
          },
          {
            "date": "2017-12-18T06:29:00.287000",
            "db": "NVD",
            "id": "CVE-2017-17737"
          },
          {
            "date": "2017-12-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-661"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-01361"
          },
          {
            "date": "2018-01-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108789"
          },
          {
            "date": "2018-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "date": "2018-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011555"
          },
          {
            "date": "2018-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011554"
          },
          {
            "date": "2018-01-04T18:57:20.063000",
            "db": "NVD",
            "id": "CVE-2017-17737"
          },
          {
            "date": "2017-12-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-661"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-661"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BrightSign Digital Signage Path traversal vulnerability in device firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-661"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201712-0915

    Vulnerability from variot - Updated: 2023-12-18 12:02

    The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. BrightSignDigitalSignage (4k242) is a multimedia playback device from BrightSign Corporation of the United States. A directory traversal vulnerability exists in BrightSignDigitalSignage (4k242) using 6.2.63 and earlier firmware.

    The pages:

    /network_diagnostics.html /storage_info.html

    Suffer from a Cross-Site Scripting vulnerability. The REF parameter for these pages do not sanitize user input, resulting in arbitrary execution, token theft and related attacks.

    This page also allows for unauthenticated upload of files.

    /tools.html

    Page allows for unauthenticated rename/manipulation of files.

    When combined, these vulnerabilities allow for compromise of both end users and the device itself.

    Ex. A malicious attacker can upload a malicious page of their choosing and steal credentials, host malicious content or distribute content through the device, which accepts large format SD cards

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0915",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "4k242",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "brightsign",
            "version": "6.2.63"
          },
          {
            "model": "digital signage",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "brightsign",
            "version": "\u003c=6.2.63"
          },
          {
            "model": "4k242",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "brightsign",
            "version": "6.2.63"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01363"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17739"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-659"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:brightsign:4k242_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "6.2.63",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:brightsign:4k242:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17739"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "singularitysec",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "145489"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2017-17739",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-17739",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-01363",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-108791",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-17739",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-17739",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-01363",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201712-659",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-108791",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01363"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17739"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-659"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. BrightSignDigitalSignage (4k242) is a multimedia playback device from BrightSign Corporation of the United States. A directory traversal vulnerability exists in BrightSignDigitalSignage (4k242) using 6.2.63 and earlier firmware. \n \nThe pages:\n \n/network_diagnostics.html\n/storage_info.html\n \nSuffer from a Cross-Site Scripting vulnerability. The REF parameter for\nthese pages do not sanitize user input, resulting in arbitrary execution,\ntoken theft and related attacks. \n \nThis page also allows for unauthenticated upload of files. \n \n/tools.html\n \nPage allows for unauthenticated rename/manipulation of files. \n \nWhen combined, these vulnerabilities allow for compromise of both end users\nand the device itself. \n \nEx. A malicious attacker can upload a malicious page of their choosing and\nsteal credentials, host malicious content or distribute content through the\ndevice, which accepts large format SD cards",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-17739"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-01363"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108791"
          },
          {
            "db": "PACKETSTORM",
            "id": "145489"
          }
        ],
        "trust": 2.34
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-108791",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108791"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-17739",
            "trust": 3.2
          },
          {
            "db": "EXPLOIT-DB",
            "id": "43364",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-659",
            "trust": 0.7
          },
          {
            "db": "EXPLOITDB",
            "id": "43364",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-01363",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-108791",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "145489",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01363"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "PACKETSTORM",
            "id": "145489"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17739"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-659"
          }
        ]
      },
      "id": "VAR-201712-0915",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01363"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108791"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01363"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:02:54.514000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "4K Product Line",
            "trust": 0.8,
            "url": "https://www.brightsign.biz/digital-signage-products/legacy-products/4k-product-line"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-108791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17739"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.information-paradox.net/2017/12/brightsign-multiple-vulnerablities-cve.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.exploit-db.com/exploits/43364/"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17739"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17739"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17737"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17738"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01363"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "PACKETSTORM",
            "id": "145489"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17739"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-659"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-01363"
          },
          {
            "db": "VULHUB",
            "id": "VHN-108791"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "db": "PACKETSTORM",
            "id": "145489"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-17739"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-659"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-01363"
          },
          {
            "date": "2017-12-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108791"
          },
          {
            "date": "2018-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "date": "2017-12-19T14:26:57",
            "db": "PACKETSTORM",
            "id": "145489"
          },
          {
            "date": "2017-12-18T06:29:00.350000",
            "db": "NVD",
            "id": "CVE-2017-17739"
          },
          {
            "date": "2017-12-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-659"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-01363"
          },
          {
            "date": "2018-01-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-108791"
          },
          {
            "date": "2018-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          },
          {
            "date": "2018-01-04T15:53:48.677000",
            "db": "NVD",
            "id": "CVE-2017-17739"
          },
          {
            "date": "2017-12-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201712-659"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-659"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BrightSign Digital Signage Path traversal vulnerability in device firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011556"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201712-659"
          }
        ],
        "trust": 0.6
      }
    }