Critical severity9.8NVD Advisory· Published Sep 11, 2017· Updated May 13, 2026

CVE-2017-7649

Description

The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address.

Affected products

Eclipse/Kura
cpe:2.3:a:eclipse:kura:*:*:*:*:*:*:*:*
Range: <=2.0.2
Eclipse Foundation/Eclipse Kura Installerv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.eclipse.org/bugs/show_bug.cginvdThird Party Advisory
github.com/eclipse/kura/issues/956nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000