Arbitrary Code Execution Risk in WN-AX1167GR Firmware by I-O DATA
CVE-2017-2280

8.8HIGH

Key Information:

Vendor: I-o Data Device, Inc.
Status: Wn-ax1167gr
Vendor: CVE Published:; 2 August 2017

🔔 Create I-o Data Device, Inc. Vulnerability Alert

What is CVE-2017-2280?

The WN-AX1167GR firmware, versions 3.00 and earlier, contain hardcoded credentials that may allow unauthorized users gaining access to execute arbitrary code on the device, potentially compromising its integrity and security.

Affected Version(s)

WN-AX1167GR firmware version 3.00 and earlier

References

https://jvn.jp/en/jp/JVN01312667/index.html

third-party-advisoryx_refsource_JVN

http://www.iodata.jp/support/information/2017/wn-ax1167gr/

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 2, 2017
Vulnerability Reserved
Dec 1, 2016