CVE-2017-7909
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-7909
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用客户端的认证机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Advantech B+B SmartWorx MESR901固件安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Advantech B+B SmartWorx MESR901是中国研华(Advantech)公司的串口网关设备。 Advantech B+B SmartWorx MESR901固件1.5.2及之前的版本中存在安全漏洞。攻击者可利用该漏洞拦截请求,绕过身份验证,获取Web页面的访问权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Advantech B+B SmartWorx MESR901 | Advantech B+B SmartWorx MESR901 | - |
II. Public POCs for CVE-2017-7909
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-7909
Please Login to view more intelligence information
- https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2017-7909
Same Patch Batch · n/a · 2017-05-06 · 11 CVEs total
| CVE-2017-6024 | 多款Rockwell Automation产品安全漏洞 | |
| CVE-2017-6029 | Certec EDV GmbH atvise scada 跨站脚本漏洞 | |
| CVE-2017-6031 | Certec EDV GmbH atvise scada 安全漏洞 | |
| CVE-2017-7911 | CyberVision Kaa IoT Platform 代码注入漏洞 | |
| CVE-2017-7921 | 多款Hikvision产品安全漏洞 | |
| CVE-2017-7923 | 多款Hikvision产品安全漏洞 | |
| CVE-2017-7925 | 多款大华产品安全漏洞 | |
| CVE-2017-7927 | 多款大华产品安全漏洞 | |
| CVE-2017-7929 | Advantech WebAccess 路径遍历漏洞 | |
| CVE-2017-8391 | CA Client Automation OS Installation Management组件安全漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-6667
PgBouncer missing authorization check in KILL_CLIENT admin c - CVE-2026-6666
PgBouncer crash in kill_pool_logins_server_error - CVE-2026-6665
PgBouncer buffer overflow in SCRAM - CVE-2026-6664
PgBouncer integer overflow in PgBouncer network packet parsi - CVE-2026-8127
eladmin Users API Endpoint UserController.java checkLevel ac
Same weakness: CWE-603
- CVE-2026-40551
Use of Client-Side Authentication in mpGabinet - CVE-2025-30042
Session generation possible with certificate number only - CVE-2026-1363
JNC|IAQS and I6 - Client-Side Enforcement of Server-Side Sec - CVE-2025-64119
Nuvation Energy BMS Client-side Authentication - CVE-2025-61940
Mirion Medical EC2 Software NMIS BioDose Use of Client-Side
V. Comments for CVE-2017-7909
No comments yet