Login Sign Up

CVE-2017-10900

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

CVE-2017-10900 is an access control bypass vulnerability in PTW-WMS1 firmware that allows remote attackers to bypass authentication and access or delete data on the device's storage. This affects PTW-WMS1 devices running firmware version 2.000.012. Attackers can exploit this without authentication to compromise data integrity and confidentiality.

💻 Affected Systems

Products:
  • PTW-WMS1
Versions: 2.000.012
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the specific firmware version mentioned. Other versions may or may not be vulnerable.

📦 What is this software?

Ptw Wms1 Firmware by Princeton

View all CVEs affecting Ptw Wms1 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of all data on the device's disk, including potential deletion of critical files, exposure of sensitive information, and possible device takeover leading to further network attacks.

🟠

Likely Case

Unauthorized access to stored data, potential data theft or deletion, and disruption of device functionality.

🟢

If Mitigated

Limited impact if device is isolated from untrusted networks and has proper access controls, though vulnerability remains present.

🌐 Internet-Facing: HIGH - Remote attackers can exploit this without authentication, making internet-exposed devices extremely vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but requires network access to the device.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability description indicates unspecified vectors, suggesting multiple potential exploitation methods. The high CVSS score suggests relatively easy exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2.000.012

Vendor Advisory: https://jvn.jp/en/jp/JVN98295787/index.html

Restart Required: Yes

Instructions:

1. Check current firmware version. 2. Download latest firmware from vendor. 3. Apply firmware update following vendor instructions. 4. Reboot device. 5. Verify update was successful.

🔧 Temporary Workarounds

Network Isolation

all

Isolate PTW-WMS1 devices from untrusted networks and restrict access to authorized IPs only.

Access Control Lists

all

Implement strict firewall rules to limit access to the device's management interface.

🧯 If You Can't Patch

  • Remove device from internet-facing networks immediately
  • Implement strict network segmentation and monitor all traffic to/from the device

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or console. If version is exactly 2.000.012, device is vulnerable.

Check Version:

Check via device web interface or vendor-specific CLI commands

Verify Fix Applied:

Verify firmware version is no longer 2.000.012. Test authentication requirements for data access functions.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to data endpoints
  • Failed authentication followed by successful data access
  • Unusual file access patterns

Network Indicators:

  • Unusual traffic to device data endpoints from unauthorized sources
  • Data exfiltration patterns

SIEM Query:

source_ip=* AND dest_ip=PTW-WMS1_IP AND (uri_contains="data" OR uri_contains="disk") AND NOT user_authenticated

📊 Metadata

CVE ID: CVE-2017-10900
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: December 1, 2017
Last Updated: April 20, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON