How severe is CVE-2017-9136?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2017-9136?

This is classified as CWE-327, which is a common weakness in software security.

CVE-2017-9136 - HIGH Severity | CVSS 7.5

Vulnerability Description

An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device).

Related Vulnerabilities

CVE-2002-2058

HIGH

CVSS:7.5(High)

TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash...

CWE-3272002

CVE-2005-2946

HIGH

CVSS:7.5(High)

The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certif...

CWE-3272005

CVE-2007-4150

HIGH

CVSS:7.5(High)

The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 uses weak cryptography (XOR) when (1) transmitting passwords, which allows remote attackers to obtain sensitive information ...

CWE-3272007

CVE-2008-3188

HIGH

CVSS:7.5(High)

libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.

CWE-3272008

CVE-2012-5623

HIGH

CVSS:7.5(High)

Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.

CWE-3272012

CVE-2015-0226

HIGH

CVSS:7.5(High)

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to...

CWE-3272015