CVE-2017-11435

The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:humaxdigital:hg100r_firmware:2.0.6:*:*:*:*:*:*:*
cpe:2.3:h:humaxdigital:hg100r:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:07

Type Values Removed Values Added
References () https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Humax-Routers/?fid=9700 - Broken Link () https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Humax-Routers/?fid=9700 - Broken Link

Information

Published : 2017-07-19 07:29

Updated : 2024-11-21 03:07


NVD link : CVE-2017-11435

Mitre link : CVE-2017-11435

CVE.ORG link : CVE-2017-11435


JSON object : View

Products Affected

humaxdigital

  • hg100r_firmware
  • hg100r
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor