Lucene search

[email protected]CVE-2018-5997

HistoryJan 25, 2018 - 5:29 p.m.

CVE-2018-5997

2018-01-2517:29:00

CWE-434

CWE-22

[email protected]

web.nvd.nist.gov

cve-2018-5997

http server

ravpower filehub

file upload

path traversal

remote code execution

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.084 Low

EPSS

Percentile

94.4%

JSON

An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root.

Affected configurations

NVD

Node

ravpowerfilehub_firmwareMatch2.000.056

CPENameOperatorVersion
ravpower:filehub_firmwareravpower filehub firmwareeq2.000.056

CPE	Name	Operator	Version
ravpower:filehub_firmware	ravpower filehub firmware	eq	2.000.056

References

www.exploit-db.com/exploits/43871/

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.084 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2018-5997

cvelist1 zdt1 exploitpack1 packetstorm1 prion1 nvd1 exploitdb1