First published: Fri Sep 07 2018
** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough."
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Octoprint Octoprint | <=1.3.9 | |
CVE-2018-16710 is a vulnerability in OctoPrint through version 1.3.9 that allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081.
The severity of CVE-2018-16710 is critical with a CVSS score of 9.1.
We do not provide information on how to exploit vulnerabilities. It is important to follow ethical guidelines and adhere to the law.
To fix CVE-2018-16710, it is recommended to upgrade OctoPrint to a version beyond 1.3.9.
You can find more information about CVE-2018-16710 at the following reference: [https://github.com/foosel/OctoPrint/issues/2814]