Improper Permissions Handling in FiberHome LM53Q1 Devices
CVE-2017-16885

9.8CRITICAL

Key Information:

Vendor: Fiberhome
Status: Lm53q1 Firmware
Vendor: CVE Published:; 12 January 2018

What is CVE-2017-16885?

The FiberHome LM53Q1 device suffers from an improper permissions handling vulnerability that enables remote attackers to access sensitive information without authentication. This includes details such as device version, firmware ID, and connected users along with their MAC addresses. The vulnerability poses a significant risk, as attackers can exploit it to gather critical data without needing valid credentials.

References

https://www.exploit-db.com/exploits/43460/

exploitx_refsource_EXPLOIT-DB

http://seclists.org/fulldisclosure/2018/Jan/28

mailing-listx_refsource_FULLDISC

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 12, 2018
Vulnerability Reserved
Nov 19, 2017

Fiberhome

What is CVE-2017-16885?

References

EPSS Score

CVSS V3.1

Timeline