CVE-2017-10931: Path Traversal
First published: Tue Sep 19 2017(Updated: )
The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
Credit: psirt@zte.com.cn
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ZTE ZXR10 1800-2S Firmware | <=- | |
| ZTE ZXR10 1800-2S Firmware | ||
| All of | ||
| <3.00.40 | ||
| All of | ||
| <3.00.40 | ||
| All of | ||
| <3.00.40 | ||
| All of | ||
| <3.00.40 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-10931?
CVE-2017-10931 is rated as a medium severity vulnerability due to its potential for information leaks.
How do I fix CVE-2017-10931?
To fix CVE-2017-10931, upgrade the ZXR10 1800-2S firmware to version 3.00.40 or later.
What type of information can be leaked through CVE-2017-10931?
CVE-2017-10931 can lead to the leakage of sensitive information including system configuration files.
Which devices are affected by CVE-2017-10931?
CVE-2017-10931 affects ZTE ZXR10 1800-2S devices running firmware versions prior to 3.00.40.
Is CVE-2017-10931 a remote vulnerability?
Yes, CVE-2017-10931 can be exploited remotely by web users to download unauthorized files.
- agent/type
- agent/author
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/severity
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/zte
- canonical/zte zxr10 1800-2s firmware
- version/zte zxr10 1800-2s firmware/-