CVE-2017-7649

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-7649
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7649.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-7649
Published
2017-09-11T16:29:00Z
Modified
2025-04-20T04:04:01.179848Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The network-enabled distribution of Kura before 2.1.0 takes control of the device's firewall setup but does not allow IPv6 firewall rules to be configured. Nevertheless, the Equinox console port 5002 is left open, allowing login to Kura without any user credentials over unencrypted telnet and execution of commands using the Equinox "exec" command. Because the process runs as "root", full control over the device can be acquired. IPv6 is also left in auto-configuration mode, automatically accepting router advertisements and assigning a MAC-address-based IPv6 address.

References

Affected packages

Git / github.com/eclipse/kura

Affected ranges

Type
GIT
Repo
https://github.com/eclipse/kura
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

BUILD_MARKER

KURA_0.*

KURA_0.7.0_RELEASE
KURA_0.7.1_RELEASE

KURA_1.*

KURA_1.0.0_RELEASE
KURA_1.1.0_RELEASE
KURA_1.1.1_RELEASE
KURA_1.1.2_RC1
KURA_1.1.2_RELEASE
KURA_1.2.0_RC1
KURA_1.2.0_RC2
KURA_1.2.0_RC3
KURA_1.2.0_RC4
KURA_1.2.0_RC5
KURA_1.2.0_RC6
KURA_1.2.0_RELEASE
KURA_1.2.1_RC1
KURA_1.2.1_RC2
KURA_1.2.1_RC3
KURA_1.2.1_RC4
KURA_1.2.1_RELEASE
KURA_1.2.2_RELEASE
KURA_1.3.0_RC1
KURA_1.3.0_RELEASE
KURA_1.4.0_RC1
KURA_1.4.0_RELEASE

KURA_2.*

KURA_2.0.0_RC1
KURA_2.0.0_RELEASE
KURA_2.0.1_RELEASE
KURA_2.0.2_RC1
KURA_2.0.2_RELEASE