{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T18:00:08.675","vulnerabilities":[{"cve":{"id":"CVE-2017-6094","sourceIdentifier":"cve@mitre.org","published":"2017-12-20T20:29:00.573","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain \"chk\" value (48bit) derived from the MAC. The algorithm used to compute the \"chk\" was disclosed by reverse engineering the CPE's firmware. As a result, it is possible to forge valid \"chk\" values for any given MAC address and therefore receive the configuration settings of other subscribers' CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2."},{"lang":"es","value":"Los CPE utilizados por los suscriptores en la red de acceso reciben su configuración individual desde una instancia GAPS central. Un CPE se identifica por la dirección MAC de su interfaz WAN y un valor determinado \"chk\" (48bit) derivado del MAC. El algoritmo utilizado para calcular el \"chk\" fue revelado mediante ingeniería inversa en el firmware del CPE. Como resultado, es posible forjar valores \"chk\" válidos para cualquier dirección MAC dada y por lo tanto recibir los ajustes de configuración de CPE de otros suscriptores. Los ajustes de configuración suelen contener valores sensibles, por ejemplo, credenciales (nombre de usuario/contraseña) para servicios VoIP. Esta situación afecta a Genexis B. V. GAPS hasta la versión 7.2."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:genexis:gaps:*:*:*:*:*:*:*:*","versionEndExcluding":"7.2","matchCriteriaId":"B390447F-1540-4A24-AD01-57E95DF00953"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2017/Dec/62","source":"cve@mitre.org","tags":["Exploit","Mailing List","Mitigation","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Dec/62","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Mitigation","Third Party Advisory"]}]}}]}