CVE-2017-7909
CRITICAL
Advantech B+B SmartWorx MESR901 Firmware < 1.5.2 - Improper Authentication via Client-Side JavaScript Bypass
Title source: llm
Description
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.
References (2)
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98257
Scores
CVSS v3
9.8
EPSS
0.0262
EPSS Percentile
83.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
CWE-603
Status
published
Products (2)
advantech_b\+b_smartworx/mesr901_firmware
< 1.5.2
n/a/Advantech B+B SmartWorx MESR901
Advantech B+B SmartWorx MESR901
Published
May 06, 2017
Tracked Since
Feb 18, 2026