Very Low
CVE-2017-16249
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Very Low
(1 user assessed)
Very High
(1 user assessed)Unknown
Unknown
Unknown
CVE-2017-16249
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.
Add Assessment
Ratings
-
Attacker ValueVery Low
-
ExploitabilityVery High
Technical Analysis
Debut makes an embedded http server which is likely on ‘dumb’ devices which need a web server for configuration such as Brother and HP printers. Exploitation is trivial, just send 40 characters of data in a POST request w/o authentication, and the service will crash. Since these devices are typically cheap and ‘dumb’, crashing the http server will most likely also cause the entire device to reboot, or require a watchdog service to restart the http server. Isn’t much to gain here though since you’re simply crashing a service. DoS printers, save trees?
However, of note, these devices may not include a firmware update mechanism, and may therefore be vulnerable for life, such as my Brother HL-L2380DW.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
Products
References
Miscellaneous
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
