Vulnerability Description
cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hoytech | Antiweb | <= 3.8.7 |
Related Weaknesses (CWE)
References
- https://github.com/ezelf/AntiWeb_testing-Suite/tree/master/RCE (Exploit, Issue Tracking, Third Party Advisory)
- https://www.seebug.org/vuldb/ssvid-96555 (Exploit, Issue Tracking, Third Party Advisory)
- https://www.youtube.com/watch?v=HdkZA1DO08Y (Exploit, Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2017-17888?
CVE-2017-17888 is a vulnerability with a CVSS score of 8.8 (HIGH). cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter,...
How severe is CVE-2017-17888?
CVE-2017-17888 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-17888?
Check the references section above for vendor advisories and patch information. Affected products include: Hoytech Antiweb.