cbcvebase.
CVE-2018-15534
published 2018-08-21

CVE-2018-15534: Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct…

PriorityP272critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
32.45%
98.1th percentile
Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003.

Affected

1 ranges
VendorProductVersion rangeFixed in
geutebrueckre_porter_16_firmware< 7.8.974.207.8.974.20

Detection & IOCsextracted from sources · hover to see the quote

path/statistics/gscsetup.xml
port12003
commandGET /statistics/gscsetup.xml HTTP/1.1
snort
alert http any any -> $HOME_NET any (msg:"ET SCAN Geutebrueck re_porter 7.8.974.20 Information Disclosure"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/statistics/gscsetup.xml"; reference:cve,2018-15534; reference:url,exploit-db.com/exploits/45240/; classtype:attempted-recon; sid:2026008; rev:2; metadata:attack_target IoT, created_at 2018_08_22, cve CVE_2018_15534, deployment Datacenter, performance_impact Low, confidence Medium, signature_severity Major, updated_at 2020_08_25, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery;)
  • Monitor for unauthenticated HTTP GET requests to /statistics/gscsetup.xml on TCP port 12003, which discloses usernames and password hashes from Geutebrueck re_porter devices.
  • The Emerging Threats rule (SID 2026008) targets this exploit by matching HTTP GET method combined with URI content /statistics/gscsetup.xml in established inbound flows; deploy on IoT/Datacenter segments.
  • ·The vulnerability affects Geutebrueck re_porter 16 versions prior to 7.8.974.20; ensure detection rules are scoped to the non-standard port 12003 to reduce false positives.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.