Design/Logic Flaw

The BrightSign Digital Signage 4k242 device Firmware 6.2.63 and below allows renaming and modifying files via /tools.html...

CVE-2017-17737

The BrightSign Digital Signage 4k242 device Firmware 6.2.63 and below has XSS via the REF parameter to /networkdiagnostics.html or /storageinfo.html...

CVE-2017-17739

The CVE-2017-17739 entry concerns BrightSign Digital Signage (4k242) devices with firmware 6.2.63 and earlier. A directory traversal flaw exists in the /storage.html page via the rp parameter, enabling an unauthenticated attacker to read or write files on the device. Connected sources (CNVD-2018-...

CVE-2017-17738

The BrightSign Digital Signage 4k242 device Firmware 6.2.63 and below allows renaming and modifying files via /tools.html...

CVE-2017-17738

Summary: CVE-2017-17738 affects BrightSign Digital Signage (4k242) devices with firmware 6.2.63 and earlier. The vulnerability allows renaming and modifying files via the web page /tools.html, as described in CNVD/NVD entries for this device. Public write-access via a web interface is indicated, ...

CVE-2017-17737

The BrightSign Digital Signage 4k242 device Firmware 6.2.63 and below has XSS via the REF parameter to /networkdiagnostics.html or /storageinfo.html...

CVE-2017-17739

The BrightSign Digital Signage 4k242 device Firmware 6.2.63 and below has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files...

CVE-2017-17737

BrightSign Digital Signage (4k242) devices running firmware 6.2.63 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability in the REF parameter of /network_diagnostics.html and /storage_info.html. The issue originates from input not being validated, enabling injection that could le...