CVE-2017-6911

MEDIUM

USB Pratirodh - Info Disclosure

Title source: llm

Description

USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according his own requirements that may aid in further attack.

References (4)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/141651/USB-Pratirodh-Insecure-Password-Storage.html

[Third Party Advisory, VDB Entry] http://seclists.org/fulldisclosure/2017/Mar/43

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/540289/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96970

Scores

CVSS v3 6.6

EPSS 0.0009

EPSS Percentile 25.2%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-922

Status published

Affected Products (2)

usb_pratirodh_project/usb_pratirodh

n/a/n/a

Timeline

Published Mar 23, 2017

Tracked Since Feb 18, 2026