Humax HG100R Routers Authentication Bypass (CVE-2017-11435)

An authentication bypass vulnerability exists in Humax HG100R Routers. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

CVE-2017-11435

The Humax Wi-Fi Router model HG100R- 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token...

Authentication flaw

The Humax Wi-Fi Router model HG100R- 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token...

CVE-2017-11435

The Humax HG100R-* router (model HG100R- with firmware 2.0.6) is affected by an authentication bypass vulnerability in the management console. The issue arises because the router does not validate the session token for certain API responses under /api, enabling remote attackers to retrieve sensit...

Humax Wi-Fi Router HG100R Authentication Bypass Vulnerability

Humax Wi-Fi Router HG100R is a router device from Humax Digital, Korea. An authentication bypass vulnerability exists in the Humax Wi-Fi Router HG100R version 2.0.6. An attacker can exploit the vulnerability by sending a specially crafted request to the management console to retrieve sensitive...

CVE-2017-7315

An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin...

Default credentials

An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin...

Cross site scripting

An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page...

CVE-2017-7316

An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page...

CVE-2017-7316

An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page...

CVE-2017-7315

CVE-2017-7315 concerns Humax Digital HG100R devices (version 2.0.6). The vulnerability enables download of the backup file without authentication, and GatewaySettings.bin includes the router credentials in plaintext. This exposes sensitive credentials and configuration to an attacker who can obta...

CVE-2017-7316

CVE-2017-7316 affects Humax Digital HG100R devices running firmware 2.0.6, with a reflected XSS on the 404 page. The NVD entry describes network-exposed XSS that requires user interaction (CVSS3: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; base 6.1). Related sources (CNVD/NVD/CVE listings) corroborate t...

CVE-2017-7315

An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin...

CVE-2017-7316

An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page...

Humax Digital HG100R Backup File Download Vulnerability

The Humax Digital HG100R is a router from the Korean company Humax Digital. A security vulnerability exists in the Humax Digital HG100R version 2.0.6. The vulnerability can be exploited by an attacker to download a backup file and obtain the router certificate in plaintext...

Humax Digital HG100R Root Credentials Disclosure Vulnerability

The Humax Digital HG100R is a router from the Korean company Humax Digital. A security vulnerability exists in the Humax Digital HG100R version 2.0.6. The vulnerability can be exploited by an attacker to obtain the root certificate from a backup file...

Humax Digital HG100R Cross-Site Scripting Vulnerability

The Humax Digital HG100R is a router from the Korean company Humax Digital. A cross-site scripting vulnerability exists in the 404 page in version 2.0.6 of the Humax Digital HG100R. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

HUMAX Gateway Backup File Download Vulnerability

Humax HG100R devices are prone to a backup file download vulnerability. This file contains sensitive information which may lead to further attacks. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

Humax Digital HG100R 2.0.6 XSS / Information Disclosure

Humax Digital HG100R multiple vulnerabilities Device: Humax HG100R Software Version: VER 2.0.6 - Backup file download CVE-2017-7315 An issue was discovered on Humax Digital HG100R 2.0.6 devices, a modem commonly used by ISPs to provide ADSL internet service to household and small business users...

Humax HG100R 2.0.6 - Backup File Download Exploit

Exploit for hardware platform in category web applications coding: utf-8 Exploit Title: Humax Backup file download Date: 29/06/2017 Exploit Author: gambler Vendor Homepage: http://humaxdigital.com Version: VER 2.0.6 Tested on: OSX Linux CVE : CVE-2017-7315 import sys import base64 import shodan...