Skip to main content
CVE-2017-16934 CRITICAL POC THREAT Emergency

The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.4%.

Command Injection Web Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
18.4%
Threat
4.0
CVE-2017-16935 CRITICAL POC Act Now

Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ametys
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
7.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy