CVE-2017-16249

Published: 10/11/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

The Debut embedded HTTP server contains a remotely exploitable denial of service: a single malformed HTTP POST request can cause the server to hang until it eventually replies (after ~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.

Vulnerable Product

brother dcp-j132w_firmware

Exploits

# Exploit Title: Remote un-authenticated DoS in Debut embedded httpd server in Brother printers
# Date: 11/02/2017
# Exploit Author: z00n (@0xz00n)
# Vendor Homepage: www.brother-usa.com
# Version: <= 120
# CVE : CVE-2017-16249
#
#Description:
#The Debut embedded http server contains a remotely exploitable denial of service where a singl ...