cbcvebase.
CVE-2017-9097
published 2017-06-16

CVE-2017-9097: In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through…

PriorityP259critical9.1CVSS 3.0
AVNACLPRNUINSUCHIHAN
EPSS
3.73%
88.5th percentile
In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file.

Affected

11 ranges
VendorProductVersion rangeFixed in
hoytechantiweb<= 3.8.7
hoytechantiweb
hoytechantiweb
hoytechantiweb
hoytechantiweb
hoytechantiweb
hoytechantiweb
hoytechantiweb
hoytechantiweb
hoytechantiweb
hoytechantiweb

CVSS provenance

nvdv3.09.1CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.