CVE-2017-7588

EPSS 30.89%
Veröffentlicht 12.04.2017 10:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Brother ≫ Mfc Firmware Version-

   Brother ≫ Mfc-8710dw Version-
   Brother ≫ Mfc-9130cw Version-
   Brother ≫ Mfc-9330cdw Version-
   Brother ≫ Mfc-9340cdw Version-
   Brother ≫ Mfc-j3720 Version-
   Brother ≫ Mfc-j4420dw Version-
   Brother ≫ Mfc-j4620dw Version-
   Brother ≫ Mfc-j5620dw Version-
   Brother ≫ Mfc-j5910dw Version-
   Brother ≫ Mfc-j6520dw Version-
   Brother ≫ Mfc-j6720dw Version-
   Brother ≫ Mfc-j6920dw Version-
   Brother ≫ Mfc-j6973cdw Version-
   Brother ≫ Mfc-l2700dw Version-
   Brother ≫ Mfc-l2720dw Version-
   Brother ≫ Mfc-l2740dw Version-
   Brother ≫ Mfc-l8600cdw Version-
   Brother ≫ Mfc-l8850cdw Version-
   Brother ≫ Mfc-l9550cdw Version-

Brother ≫ Dcp Firmware Version-

Brother ≫ Dcp-l2520dw Version-
Brother ≫ Dcp-l2540dw Version-

Brother ≫ Ads Firmware Version-

   Brother ≫ Ads-1000w Version-
   Brother ≫ Ads-1500w Version-
   Brother ≫ Ads-2500w Version-

Brother ≫ Hl Firmware Version-

   Brother ≫ Hl-3140cw Version-
   Brother ≫ Hl-3170cdw Version-
   Brother ≫ Hl-3180cdw Version-
   Brother ≫ Hl-l2380dw Version-
   Brother ≫ Hl-l8350cdw Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	30.89%	0.963

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://cxsecurity.com/blad/WLB-2017040064

https://www.exploit-db.com/exploits/41863/

https://nvd.nist.gov/vuln/detail/CVE-2017-7588

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-7588

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-7588

EUVD