Vulnerability Description
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digisol | Dg-Hr1400 Router Firmware | 1.00.02 |
| Digisol | Dg-Hr1400 Router | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2017/Mar/52
- https://drive.google.com/file/d/0B6715xUqH18MX29uRlpaSVJ4OTA/view?usp=sharing (Third Party Advisory)
- https://packetstormsecurity.com/files/141693/digisol-escalate.txt
- https://www.exploit-db.com/exploits/41633/
- https://www.indrajithan.com/DIGISOL_router_previlage_escaltion (Exploit, Third Party Advisory)
FAQ
What is CVE-2017-6896?
CVE-2017-6896 is a vulnerability with a CVSS score of 8.8 (HIGH). Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session ...
How severe is CVE-2017-6896?
CVE-2017-6896 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-6896?
Check the references section above for vendor advisories and patch information. Affected products include: Digisol Dg-Hr1400 Router Firmware, Digisol Dg-Hr1400 Router.