CVE-2018-7539
CRITICAL
Appear TV XC5000 and XC5100 Firmware 3.26.217 - Path Traversal via Maintenance Center HTTP Request
Title source: llm
Description
On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088. This can lead to full compromise of the device.
References (1)
Core 1
Core References
Exploit, Mailing List, Mitigation, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Apr/34
Scores
CVSS v3: 9.8
EPSS: 0.0428
EPSS Percentile: 89.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-22
Status: published
Products (2)
appeartv/xc5000_firmware: 3.26.217
appeartv/xc5100_firmware: 3.26.217
Published: Apr 17, 2018
Tracked Since: Feb 18, 2026