History: Apr 12, 2017 - 10:59 a.m.

CVE-2017-7588

2017-04-12 10:59:00
CWE-287
web.nvd.nist.gov
cve-2017-7588
brother devices
authorization mishandling
authcookie
http response
login vulnerability
affected models

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.2 High
Confidence: High

EPSS: 0.759 High
Percentile: 98.2%

On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W.

Affected configurations

NVD

Node
brother mfc_firmware (Match: -)
AND one of (Match: - for each):
brother mfc-8710dw
brother mfc-9130cw
brother mfc-9330cdw
brother mfc-9340cdw
brother mfc-j3720
brother mfc-j4420dw
brother mfc-j4620dw
brother mfc-j5620dw
brother mfc-j5910dw
brother mfc-j6520dw
brother mfc-j6720dw
brother mfc-j6920dw
brother mfc-j6973cdw
brother mfc-l2700dw
brother mfc-l2720dw
brother mfc-l2740dw
brother mfc-l8600cdw
brother mfc-l8850cdw
brother mfc-l9550cdw

Node
brother dcp_firmware (Match: -)
AND one of (Match: - for each):
brother dcp-l2520dw
brother dcp-l2540dw

Node
brother ads_firmware (Match: -)
AND one of (Match: - for each):
brother ads-1000w
brother ads-1500w
brother ads-2500w

Node
brother hl_firmware (Match: -)
AND one of (Match: - for each):
brother hl-3140cw
brother hl-3170cdw
brother hl-3180cdw
brother hl-l2380dw
brother hl-l8350cdw
