CVE-2018-17873

HIGH

WiFiRanger <7.0.8rc3 - Info Disclosure

Title source: llm

Description

An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH Private Key and log in to the root account.

Exploits (1)

nomisec WORKING POC 1 stars

by Luct0r · poc

https://github.com/Luct0r/CVE-2018-17873

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/149867/WiFiRanger-7.0.8rc3-Incorrect-Access-Control-Privilege-Escalation.html

Scores

CVSS v3 8.8

EPSS 0.0501

EPSS Percentile 89.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (1)

wifiranger/wifiranger_firmware < 7.0.8

Published Oct 23, 2018

Tracked Since Feb 18, 2026