CVE-2017-16885

CRITICAL

FiberHome LM53Q1 VH519R05C01S38 - Info Disclosure

Title source: llm

Description

Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc.

Exploits (1)

exploitdb WORKING POC

by Ibad Shah · pythonwebappshardware

https://www.exploit-db.com/exploits/43460

View Code ZIP pw:eip

References (2)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Jan/28

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/43460/

Scores

CVSS v3 9.8

EPSS 0.0736

EPSS Percentile 91.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (1)

fiberhome/lm53q1_firmware vh519r05c01s38

Published Jan 12, 2018

Tracked Since Feb 18, 2026