CVE-2017-16929

HIGH EXPLOITED

Claymore Dual GPU miner 10.1 - Path Traversal

Title source: llm

Description

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathname to miner_file or miner_getfile.

Exploits (1)

exploitdb WORKING POC

by tintinweb · pythonremotewindows

https://www.exploit-db.com/exploits/43231

View Code ZIP pw:eip

References (3)

[Mailing List] http://www.openwall.com/lists/oss-security/2017/12/04/3

[Third Party Advisory] https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16929

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/43231/

Scores

CVSS v3 8.1

EPSS 0.2714

EPSS Percentile 96.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitation Intel

VulnCheck KEV 2018-01-17

Classification

CWE

CWE-22 CWE-119

Status draft

Affected Products (1)

claymore_dual_miner_project/claymore_dual_miner

Timeline

Published Dec 05, 2017

Tracked Since Feb 18, 2026