How severe is CVE-2017-7588?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2017-7588?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2017-7588

CRITICAL Year: 2017

CVSS v3 Score

9.8

Critical

CVSS v2 Score

10.0

Critical

Weakness Type

CWE-287

View all →

Vulnerability Description

On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W.

CVE-2007-4043

CRITICAL

CVSS:9.8(Critical)

file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE:...

CWE-2872007

CVE-2007-6759

CRITICAL

CVSS:9.8(Critical)

Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.

CWE-2872007

CVE-2007-6760

CRITICAL

CVSS:9.8(Critical)

Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.

CWE-2872007

CVE-2009-2168

CRITICAL

CVSS:9.8(Critical)

cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypas...

CWE-2872009

CVE-2009-2382

CRITICAL

CVSS:9.8(Critical)

admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.

CWE-2872009

CVE-2009-2422

CRITICAL

CVSS:9.8(Critical)

The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead o...

CWE-2872009

CVE-2017-7588

Vulnerability Description

Related Vulnerabilities

CVE-2007-4043

CVE-2007-6759

CVE-2007-6760

CVE-2009-2168

CVE-2009-2382

CVE-2009-2422