CVE-2017-16885

CRITICAL

FiberHome LM53Q1 VH519R05C01S38 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-16885. PoCs published by Ibad Shah.

AI-analyzed exploit summary This exploit targets multiple vulnerabilities in FiberHome MIFI LM53Q1 devices, specifically CVE-2017-16887, to retrieve administrative credentials and device details without authentication. It interacts with the device's XML API to extract sensitive information and modify settings.

Description

Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc.

Exploits (1)

exploitdb WORKING POC
by Ibad Shah · pythonwebappshardware
https://www.exploit-db.com/exploits/43460

This exploit targets multiple vulnerabilities in FiberHome MIFI LM53Q1 devices, specifically CVE-2017-16887, to retrieve administrative credentials and device details without authentication. It interacts with the device's XML API to extract sensitive information and modify settings.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: FiberHome MIFI LM53Q1 (VH519R05C01S38)
No auth needed
Prerequisites: Network access to the target device · Device must be using default or vulnerable firmware
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43460/
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jan/28

Scores

CVSS v3 9.8
EPSS 0.3399
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732
Status published
Products (1)
fiberhome/lm53q1_firmware vh519r05c01s38
Published Jan 12, 2018
Tracked Since Feb 18, 2026