CVE-2017-17739
published 2017-12-18


Priority: P2 · 66
CVSS 3.0: 9.8 (Critical) · vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: EXPLOIT
EPSS: 11.89% (95.6th percentile)
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.

Affected (1 range)

Vendor: brightsign · Product: 4k242_firmware · Version range: <= 6.2.63 · Fixed in: not listed

Detection & IOCs (extracted from sources)

url: /storage.html?rp=%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc (rp decodes to ../../../../../../../etc)
path: /storage.html
path: /tools.html
  • Detect directory traversal attempts against the BrightSign /storage.html endpoint by monitoring HTTP requests whose 'rp' parameter contains dot-dot sequences (URL-encoded as %2E%2E%2F in the known IOC) that climb to sensitive paths such as /etc. Decode the parameter before matching so plain, mixed-case and double-encoded variants are all caught.
  • Monitor for POST/file-upload requests to /storage.html, which accepts arbitrary file uploads to the device without authentication.
  • Monitor for unauthenticated requests to /tools.html that perform file rename or other file manipulation operations on the BrightSign device.
  • Detect XSS probes against the BrightSign pages /network_diagnostics.html and /storage_info.html by inspecting the 'REF' parameter for unsanitized script injection payloads.
  • Flag any access to the BrightSign management pages (/storage.html, /tools.html, /network_diagnostics.html, /storage_info.html) from external or untrusted network segments, since none of the exploits described require authentication.
  • The affected firmware is version 6.2.63 and below on the BrightSign 4k242 device; scope these detections to environments running that firmware version or lower.
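The detection bullets above, turned into runnable logic, as an added example that is not part of this advisory page or any BrightSign code. It parses combined-format access log lines, decodes the 'rp' parameter until stable (so double-encoded dot-dot sequences are not missed), reports where the traversal resolves, flags POSTs to /storage.html, script markers in 'REF', and any management-page hit from outside a trusted network. The log format, the trusted network 10.20.0.0/16, and every sample line are constructed for illustration; the path list and parameter names come from the page.

```python
"""Run CVE-2017-17739 detections over web-server access log lines.

Added example, not from the advisory or BrightSign. The combined-log
format, TRUSTED_NETS and SAMPLE_LOG are constructed for illustration.
"""
import ipaddress
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Management pages named in the advisory; all reachable without authentication.
MANAGEMENT_PAGES = {
    "/storage.html",
    "/tools.html",
    "/network_diagnostics.html",
    "/storage_info.html",
}
XSS_PAGES = {"/network_diagnostics.html", "/storage_info.html"}

# Assumption: the signage VLAN. Anything else counts as external/untrusted.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

XSS_MARKER = re.compile(r"<\s*script|javascript:|on\w+\s*=", re.IGNORECASE)

# Combined log format: client - - [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so %252E%252E%252F (double encoding) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_traversal(rp):
    """Return the path a dot-dot rp resolves to, or None if it contains no '..'."""
    decoded = fully_decode(rp).replace("\\", "/")
    if ".." not in decoded.split("/"):
        return None
    # normpath collapses every "../" beyond the root, so this is the worst-case
    # target no matter how deep the storage root sits on the device.
    return posixpath.normpath("/" + decoded)


def is_untrusted(src):
    """True when the client address is outside TRUSTED_NETS (or not an IP)."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return True
    return not any(ip in net for net in TRUSTED_NETS)


def analyze(line):
    """Return (page, findings) for a suspicious management-page hit, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path not in MANAGEMENT_PAGES:
        return None
    # parse_qs already percent-decodes once; keys are lowered so REF/ref both match.
    params = {k.lower(): v for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    findings = []
    if url.path == "/storage.html":
        for rp in params.get("rp", []):
            target = resolve_traversal(rp)
            if target is not None:
                findings.append(f"traversal via rp resolves to {target}")
        if m["method"] == "POST":
            findings.append("unauthenticated file upload to /storage.html")
    if url.path in XSS_PAGES:
        for ref in params.get("ref", []):
            if XSS_MARKER.search(fully_decode(ref)):
                findings.append("script injection in REF parameter")
    if is_untrusted(m["src"]):
        findings.append(f"management page reached from untrusted {m['src']}")
    return (url.path, findings) if findings else None


def scan(lines):
    """Apply analyze() to every line and keep only the hits."""
    return [hit for hit in (analyze(line) for line in lines) if hit]


# Constructed sample log: the known IOC, benign browsing from the signage VLAN,
# an upload, an XSS probe, a double-encoded traversal, and an unrelated page.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Dec/2017:10:00:01 +0000] "GET /storage.html?rp=%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc HTTP/1.1" 200 1523',
    '10.20.1.5 - - [18/Dec/2017:10:00:02 +0000] "GET /storage.html?rp=sd%2Fvideos HTTP/1.1" 200 811',
    '203.0.113.7 - - [18/Dec/2017:10:00:03 +0000] "POST /storage.html HTTP/1.1" 200 12',
    '198.51.100.9 - - [18/Dec/2017:10:00:04 +0000] "GET /network_diagnostics.html?REF=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 302',
    '198.51.100.9 - - [18/Dec/2017:10:00:05 +0000] "GET /storage.html?rp=%252E%252E%252F%252E%252E%252Fetc%252Fpasswd HTTP/1.1" 404 0',
    '10.20.1.5 - - [18/Dec/2017:10:00:06 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for page, findings in scan(SAMPLE_LOG):
        print(page, "|", "; ".join(findings))
```

Feed real access logs (or a proxy/WAF export in the same format) through scan(); the benign VLAN request to rp=sd%2Fvideos produces no hit, while the double-encoded variant is still resolved to /etc/passwd because the parameter is decoded until it stops changing.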

CVSS provenance

Source · Version · Score · Severity · Vector
nvd · v3.0 · 9.8 · CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P