CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-7649

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1310%
EPSS Percentile13.13th
Published2017年9月11日
Last Modified2026年5月13日

Vulnerability Description

The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address.

Affected Platforms (CPE)

📦
Eclipse

Kura

<= 2.0.2

References & Advisories

🔗 https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681
🔗 https://github.com/eclipse/kura/issues/956
🔗 https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681
🔗 https://github.com/eclipse/kura/issues/956

関連する脆弱性情報

CVE-2019-102447.5

In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulato...

CVE-2019-102425.3

In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing pa...

CVE-2019-102435.3

In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...