Incorrect Default Permissions
CVE-2017-18868
Summary
Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built.
- LOW
- NETWORK
- HIGH
- CHANGED
- NONE
- LOW
- NONE
- NONE
CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
References
Advisory Timeline
- Published