CVE-2017-6079

Published: 16/05/2017 Updated: 13/09/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows user-defined commands, such as specific iptables routes, to be set. The page can effectively be used as a web shell to execute commands, although the web application returns no feedback to the client: if the command is valid, it executes. An example is the wget command. The page that allows this has been confirmed in firmware as old as 2006.

Vulnerable Product

ribboncommunications edgemarc_firmware -

Vendor Advisories

Check Point Reference: CPAI-2017-1804 Date Published: 28 Feb 2024 Severity: Critical ...

Github Repositories

NSGenCS (shellssystems/the-birth-of-nsgencs/) Injection: PE Injection, DLL Injection, Process Injection, Thread Injection, Code Injection, Shellcode Injection, ELF Injection, Dylib Injection, including 400+ Tools and 350+ posts. Directory: PE Injection -> (9) Tools (6) Post; DLL Injection (1) Collection (70) Tools (92) Post; Process Injection -> (48)

Introduction This exploit was developed based on the technical description by depthsecurity depthsecuritycom/blog/cve-2017-6079-blind-command-injection-in-edgewater-edgemarc-devices Description The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands suc

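PE Injection, DLL Injection, Process Injection, Thread Injection, Code Injection, Shellcode Injection, ELF Injection, Dylib Injection, including 400+ Tools and 350+ posts

All collection projects. Injection: PE injection, DLL injection, process injection, thread injection, code injection, shellcode injection, ELF injection, Dylib injection; currently includes 400+ tools and 350+ articles, roughly categorized by function. English Version. Contents: PE Injection -> (9) Tools (6) Articles; DLL Injection (1) Collection (70) Tools (92) Articles; Process Injection -> (48) Tools (92) Articles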

Recent Articles

DDoS attacks in Q4 2021
Securelist • Alexander Gutnikov • 10 Feb 2022

News roundup Q4 2021 saw the appearance of several new DDoS botnets. A zombie network, named Abcbot by researchers, first hit the radar in July, but at the time it was little more than a simple scanner attacking Linux systems by brute-forcing weak passwords and exploiting known vulnerabilities. In October, the botnet was upgraded with DDoS functionality. Then in December, researchers at Cado Security linked the botnet to the Xanthe cryptojacking group. This is further evidence that the same botn...