CVE-2017-14335

2017-09-12 08:29:00
CWE-20
web.nvd.nist.gov
Tags: cve-2017-14335, beijing hanbang hanbanggaoke, input sanitization, admin password change, nvd

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.01 Low
Percentile: 83.6%

On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.

Affected configurations

NVD
Node: hbgk hb7024xt_firmware (Match -) AND hbgk hb7024xt (Match -)
Node: hbgk hb7032xt_firmware (Match -) AND hbgk hb7032xt (Match -)
Node: hbgk hb7008t2_firmware (Match -) AND hbgk hb7008t2 (Match -)
Node: hbgk hb7016t2_firmware (Match -) AND hbgk hb7016t2 (Match -)
Node: hbgk hb7204xt_firmware (Match -) AND hbgk hb7204xt (Match -)
Node: hbgk hb7208xt_firmware (Match -) AND hbgk hb7208xt (Match -)
Node: hbgk hb7216xt_firmware (Match -) AND hbgk hb7216xt (Match -)
Node: hbgk hb7208x3_firmware (Match -) AND hbgk hb7208x3 (Match -)
Node: hbgk hb7216x3_firmware (Match -) AND hbgk hb7216x3 (Match -)
Node: hbgk hb7204x_firmware (Match -) AND hbgk hb7204x (Match -)
Node: hbgk hb7208x_firmware (Match -) AND hbgk hb7208x (Match -)
Node: hbgk hb7216x_firmware (Match -) AND hbgk hb7216x (Match -)
Node: hbgk 7204xr_firmware (Match -) AND hbgk 7204xr (Match -)
Node: hbgk 7208xr_firmware (Match -) AND hbgk 7208xr (Match -)
Node: hbgk 7216xr_firmware (Match -) AND hbgk 7216xr (Match -)
Node: hbgk hb7004k_firmware (Match -) AND hbgk hb7004k (Match -)
Node: hbgk hb7004kh_firmware (Match -) AND hbgk hb7004kh (Match -)
Node: hbgk hb7008kc_firmware (Match -) AND hbgk hb7008kc (Match -)
Node: hbgk hb7008kce_firmware (Match -) AND hbgk hb7008kce (Match -)
Node: hbgk hb7008kh_firmware (Match -) AND hbgk hb7008kh (Match -)
Node: hbgk hb7008khe_firmware (Match -) AND hbgk hb7008khe (Match -)
Node: hbgk hb7204kl_firmware (Match -) AND hbgk hb7204kl (Match -)
Node: hbgk hb7204kk_firmware (Match -) AND hbgk hb7204kk (Match -)
Node: hbgk hb7016lc_firmware (Match -) AND hbgk hb7016lc (Match -)
Node: hbgk hb7016lh_firmware (Match -) AND hbgk hb7016lh (Match -)
Node: hbgk hb7116x3_firmware (Match -) AND hbgk hb7116x3 (Match -)
Node: hbgk hb7108x3_firmware (Match -) AND hbgk hb7108x3 (Match -)
Node: hbgk hb8004_firmware (Match -) AND hbgk hb8004 (Match -)
Node: hbgk hb8008_firmware (Match -) AND hbgk hb8008 (Match -)
Node: hbgk hb8016_firmware (Match -) AND hbgk hb8016 (Match -)
Node: hbgk hb8004r_firmware (Match -) AND hbgk hb8004r (Match -)
Node: hbgk hb8008r_firmware (Match -) AND hbgk hb8008r (Match -)
Node: hbgk hb8016r_firmware (Match -) AND hbgk hb8016r (Match -)
Node: hbgk hb8204h_firmware (Match -) AND hbgk hb8204h (Match -)
Node: hbgk hb8208h_firmware (Match -) AND hbgk hb8208h (Match -)
Node: hbgk hb8216h_firmware (Match -) AND hbgk hb8216h (Match -)
Node: hbgk hb8204hr_firmware (Match -) AND hbgk hb8204hr (Match -)
Node: hbgk hb8208hr_firmware (Match -) AND hbgk hb8208hr (Match -)
Node: hbgk hb8216hr_firmware (Match -) AND hbgk hb8216hr (Match -)
Node: hbgk hb8208x3_firmware (Match -) AND hbgk hb8208x3 (Match -)
Node: hbgk hb8216x3_firmware (Match -) AND hbgk hb8216x3 (Match -)
Node: hbgk hb8608x3_firmware (Match -) AND hbgk hb8608x3 (Match -)
Node: hbgk hb8616x3_firmware (Match -) AND hbgk hb8616x3 (Match -)
Node: hbgk hb8808x3_firmware (Match -) AND hbgk hb8808x3 (Match -)
Node: hbgk hb8816x3_firmware (Match -) AND hbgk hb8816x3 (Match -)
Node: hbgk hb9404x3_firmware (Match -) AND hbgk hb9404x3 (Match -)
Node: hbgk hb9408x3_firmware (Match -) AND hbgk hb9408x3 (Match -)
Node: hbgk hb9604x3_firmware (Match -) AND hbgk hb9604x3 (Match -)
Node: hbgk hb9608x3_firmware (Match -) AND hbgk hb9608x3 (Match -)
Node: hbgk hb9012x3_firmware (Match -) AND hbgk hb9012x3 (Match -)
Node: hbgk hb9020x3_firmware (Match -) AND hbgk hb9020x3 (Match -)
Node: hbgk hb9212x3_firmware (Match -) AND hbgk hb9212x3 (Match -)
Node: hbgk hb9220x3_firmware (Match -) AND hbgk hb9220x3 (Match -)
Node: hbgk hb7904_firmware (Match -) AND hbgk hb7904 (Match -)
Node: hbgk hb7908_firmware (Match -) AND hbgk hb7908 (Match -)
Node: hbgk hb7916s_firmware (Match -) AND hbgk hb7916s (Match -)
Node: hbgk hb7904x_firmware (Match -) AND hbgk hb7904x (Match -)
Node: hbgk hb7908x_firmware (Match -) AND hbgk hb7908x (Match -)
Node: hbgk hb7916sx_firmware (Match -) AND hbgk hb7916sx (Match -)
Node: hbgk hb9904_firmware (Match -) AND hbgk hb9904 (Match -)
Node: hbgk hb9908_firmware (Match -) AND hbgk hb9908 (Match -)
Node: hbgk hb9912_firmware (Match -) AND hbgk hb9912 (Match -)
Node: hbgk hb9916_firmware (Match -) AND hbgk hb9916 (Match -)
Node: hbgk hb9924_firmware (Match -) AND hbgk hb9924 (Match -)
Node: hbgk hb9932_firmware (Match -) AND hbgk hb9932 (Match -)
Node: hbgk hb9808n04_firmware (Match -) AND hbgk hb9808n04 (Match -)
Node: hbgk hb9816n08_firmware (Match -) AND hbgk hb9816n08 (Match -)
Node: hbgk hb9824n16_firmware (Match -) AND hbgk hb9824n16 (Match -)
Node: hbgk hb9832n16_firmware (Match -) AND hbgk hb9832n16 (Match -)
