cbcvebase.
CVE-2017-5162
published 2017-02-13

CVE-2017-5162: An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application…

PriorityP267critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
12.61%
95.7th percentile
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.

Detection & IOCsextracted from sources · hover to see the quote

commandroot/root, admin/1, alg/1, user/1
pathauxiliary/scanner/http/binom3_login_config_pass_dump
  • Scan for unauthenticated access to BINOM3 web management login portal; the device exposes configuration and password file download endpoints accessible without authentication.
  • Alert on successful login attempts using known default credentials (root/root, admin/1, alg/1, user/1) against BINOM3 HTTP management interfaces.
  • Monitor for HTTP requests attempting to download configuration and password files from BINOM3 devices, particularly by non-root users accessing configuration files and root users accessing password files.
  • CVE-2017-5162 scores CVSS v3 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) — network-reachable BINOM3 devices should be treated as fully compromised if exposed to untrusted networks.
  • ·No vendor-supplied patch exists for this vulnerability; BINOM3 had not created mitigations at time of advisory publication. Defensive measures are purely network-level.
  • ·Users cannot change their own passwords on affected devices (CVE-2017-5167, hard-coded passwords CWE-259), meaning default credential blocking at the network perimeter is the only viable control.
  • ·The Metasploit module covers credential scanning AND config/password file exfiltration in a single auxiliary module; defenders should expect both authentication probing and immediate data harvesting in a single attack session.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat5.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.