Unrated severityNVD Advisory· Published Dec 31, 2002· Updated Apr 16, 2026

CVE-2002-2170

Description

Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared.

Affected products

Working Resources Inc./Badblue4 versions
cpe:2.3:a:working_resources_inc.:badblue:enterprise_1.7:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:working_resources_inc.:badblue:enterprise_1.7:*:*:*:*:*:*:*
- cpe:2.3:a:working_resources_inc.:badblue:enterprise_1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:working_resources_inc.:badblue:enterprise_1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:working_resources_inc.:badblue:enterprise_1.7.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000