Skip to main content

4K242 Firmware

3 CVEs product

Monthly

CVE-2017-17739 CRITICAL POC THREAT Emergency

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.3%.

Path Traversal 4K242 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
21.3%
Threat
4.1
CVE-2017-17738 HIGH POC THREAT Act Now

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

Information Disclosure 4K242 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
16.2%
CVE-2017-17737 MEDIUM POC This Month

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 4K242 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.3%
EPSS 21% 4.1 CVSS 9.8
CRITICAL POC THREAT Emergency

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.3%.

Path Traversal 4K242 Firmware
NVD Exploit-DB
EPSS 16% CVSS 7.5
HIGH POC THREAT Act Now

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

Information Disclosure 4K242 Firmware
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 4K242 Firmware
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy