CVE-2018-16710: Infoleak
First published: Fri Sep 07 2018(Updated: )
** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough."
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Octoprint Octoprint | <=1.3.9 | |
| <=1.3.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-16710?
CVE-2018-16710 is a vulnerability in OctoPrint through version 1.3.9 that allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081.
What is the severity of CVE-2018-16710?
The severity of CVE-2018-16710 is critical with a CVSS score of 9.1.
How can I exploit CVE-2018-16710?
We do not provide information on how to exploit vulnerabilities. It is important to follow ethical guidelines and adhere to the law.
How do I fix CVE-2018-16710?
To fix CVE-2018-16710, it is recommended to upgrade OctoPrint to a version beyond 1.3.9.
Where can I find more information about CVE-2018-16710?
You can find more information about CVE-2018-16710 at the following reference: [https://github.com/foosel/OctoPrint/issues/2814]
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/status
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- status/disputed
- vendor/octoprint
- canonical/octoprint octoprint
- version/octoprint octoprint/1.3.9