How severe is CVE-2018-7160?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2018-7160?

This is classified as CWE-350, which is a common weakness in software security.

CVE-2018-7160 - HIGH Severity | CVSS 8.8

Vulnerability Description

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.

Related Vulnerabilities

CVE-2021-34561

HIGH

CVSS:8.8(High)

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any...

CWE-3502021

CVE-2023-52235

HIGH

CVSS:8.8(High)

SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a reboot) via a DNS Rebinding attack.

CWE-3502023

CVE-2017-0902

HIGH

CVSS:8.1(High)

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker...

CWE-3502017

CVE-2021-22884

HIGH

CVSS:7.5(High)

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordin...

CWE-3502021

CVE-2021-34561

HIGH

CVSS:8.8(High)

CWE-3502021

CVE-2023-52235

HIGH

CVSS:8.8(High)

SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a reboot) via a DNS Rebinding attack.

CWE-3502023