Search criteria
4 vulnerabilities found for hg100r by humaxdigital
VAR-201707-1082
Vulnerability from variot - Updated: 2025-04-20 23:42An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin. Humax Digital HG100 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The HumaxDigitalHG100R is a router from Humax Digital, Korea. A security vulnerability exists in the HumaxDigitalHG100R version 2.0.6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-1082",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg100r",
"scope": "eq",
"trust": 1.6,
"vendor": "humaxdigital",
"version": "2.0.6"
},
{
"model": "hg100r",
"scope": "eq",
"trust": 1.4,
"vendor": "humax",
"version": "2.0.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21545"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005296"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1295"
},
{
"db": "NVD",
"id": "CVE-2017-7317"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:humaxdigital:hg100r_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005296"
}
]
},
"cve": "CVE-2017-7317",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-7317",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-21545",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-115520",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7317",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7317",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-7317",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-21545",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1295",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-115520",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-7317",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21545"
},
{
"db": "VULHUB",
"id": "VHN-115520"
},
{
"db": "VULMON",
"id": "CVE-2017-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005296"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1295"
},
{
"db": "NVD",
"id": "CVE-2017-7317"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin. Humax Digital HG100 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The HumaxDigitalHG100R is a router from Humax Digital, Korea. A security vulnerability exists in the HumaxDigitalHG100R version 2.0.6",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005296"
},
{
"db": "CNVD",
"id": "CNVD-2017-21545"
},
{
"db": "VULHUB",
"id": "VHN-115520"
},
{
"db": "VULMON",
"id": "CVE-2017-7317"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7317",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005296",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1295",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-21545",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-115520",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-7317",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21545"
},
{
"db": "VULHUB",
"id": "VHN-115520"
},
{
"db": "VULMON",
"id": "CVE-2017-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005296"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1295"
},
{
"db": "NVD",
"id": "CVE-2017-7317"
}
]
},
"id": "VAR-201707-1082",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21545"
},
{
"db": "VULHUB",
"id": "VHN-115520"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21545"
}
]
},
"last_update_date": "2025-04-20T23:42:11.052000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://jp.humaxdigital.com/"
},
{
"title": "TC7337",
"trust": 0.1,
"url": "https://github.com/RioIsDown/TC7337 "
},
{
"title": "HGB10R-2",
"trust": 0.1,
"url": "https://github.com/V1n1v131r4/HGB10R-2 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005296"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115520"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005296"
},
{
"db": "NVD",
"id": "CVE-2017-7317"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://seclists.org/fulldisclosure/2017/jun/45"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7317"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7317"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://github.com/rioisdown/tc7337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21545"
},
{
"db": "VULHUB",
"id": "VHN-115520"
},
{
"db": "VULMON",
"id": "CVE-2017-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005296"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1295"
},
{
"db": "NVD",
"id": "CVE-2017-7317"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-21545"
},
{
"db": "VULHUB",
"id": "VHN-115520"
},
{
"db": "VULMON",
"id": "CVE-2017-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005296"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1295"
},
{
"db": "NVD",
"id": "CVE-2017-7317"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21545"
},
{
"date": "2017-07-04T00:00:00",
"db": "VULHUB",
"id": "VHN-115520"
},
{
"date": "2017-07-04T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7317"
},
{
"date": "2017-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005296"
},
{
"date": "2017-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1295"
},
{
"date": "2017-07-04T02:29:00.253000",
"db": "NVD",
"id": "CVE-2017-7317"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21545"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-115520"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7317"
},
{
"date": "2017-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005296"
},
{
"date": "2017-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1295"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-7317"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1295"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Humax Digital HG100 Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005296"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1295"
}
],
"trust": 0.6
}
}
VAR-201707-1080
Vulnerability from variot - Updated: 2025-04-20 23:27An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin. Humax Digital HG100R Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The HumaxDigitalHG100R is a router from Humax Digital, Korea. A security vulnerability exists in the HumaxDigitalHG100R version 2.0.6. Humax Digital HG100R multiple vulnerabilities Device: Humax HG100R Software Version: VER 2.0.6
- Backup file download (CVE-2017-7315) An issue was discovered on Humax Digital HG100R 2.0.6 devices, a modem commonly used by ISPs to provide ADSL internet service to household and small business users.
PoC wget http://192.168.0.1/view/basic/GatewaySettings.bin strings GatewaySettings.bin | grep -A 1 admin
- XSS Reflected(CVE-2017-7316) An issue was discovered on Humax Digital HG100R 2.0.6 devices. DESCREVE BREVEMENTE O QUE A XSS REFLECTED E FALA O QUE PODE FAZER COM O USUARIO USANDO ISSO. There is XSS reflected on the 404 page.
PoC http://192.168.0.1alert('XSS')
- Default credentials to router's web application not declared in the manual(CVE-2017-7317) NAO ENTENDI ESSA FRASE.
PoC wget http://192.168.0.1/view/basic/GatewaySettings.bin strings GatewaySettings.bin | grep -A 1 root
Timeline 2017-03-15 - First contact. Ignored by the vendor. 2017-03-21 - Second contact. 2017-03-22 - The vendor answered asking about the vulnerability. 2017-03-27 - Asked the vendor about his security team contact informarion to report the vulnerability. 2017-03-28 - The vendor answered saying that it is an old product, and they will check this vulnerabilities in the news products. 2017-03-28 - Ask the vendor about a patch. 2017-03-30 - Ask the vendor again about the patch. 2017-04-03 - Notified the vendor about the disclousure after 90 days, even without a patch. 2017-04-19 - Ask the vendor about a patch. 2017-05-08 - Ask the vendor about a patch. 2017-06-29 - Disclosure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-1080",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg100r",
"scope": "eq",
"trust": 1.6,
"vendor": "humaxdigital",
"version": "2.0.6"
},
{
"model": "hg100r",
"scope": "eq",
"trust": 1.4,
"vendor": "humax",
"version": "2.0.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21541"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005294"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1297"
},
{
"db": "NVD",
"id": "CVE-2017-7315"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:humaxdigital:hg100r_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005294"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Gambler",
"sources": [
{
"db": "PACKETSTORM",
"id": "143227"
}
],
"trust": 0.1
},
"cve": "CVE-2017-7315",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-7315",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-21541",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-115518",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7315",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7315",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-7315",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-21541",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1297",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-115518",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21541"
},
{
"db": "VULHUB",
"id": "VHN-115518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005294"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1297"
},
{
"db": "NVD",
"id": "CVE-2017-7315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it\u0027s not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin. Humax Digital HG100R Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The HumaxDigitalHG100R is a router from Humax Digital, Korea. A security vulnerability exists in the HumaxDigitalHG100R version 2.0.6. Humax Digital HG100R multiple vulnerabilities\nDevice: Humax HG100R\nSoftware Version: VER 2.0.6\n\n- Backup file download (CVE-2017-7315)\nAn issue was discovered on Humax Digital HG100R 2.0.6 devices, a modem commonly used by ISPs to provide ADSL internet service to household and small business users. \n\nPoC\nwget http://192.168.0.1/view/basic/GatewaySettings.bin\nstrings GatewaySettings.bin | grep -A 1 admin\n--------------------------------------------------------------------------------\n\n- XSS Reflected(CVE-2017-7316)\nAn issue was discovered on Humax Digital HG100R 2.0.6 devices. DESCREVE BREVEMENTE O QUE A XSS REFLECTED E FALA O QUE PODE FAZER COM O USUARIO USANDO ISSO. \nThere is XSS reflected on the 404 page. \n\nPoC\nhttp://192.168.0.1\u003cscript\u003ealert(\u0027XSS\u0027)\u003c/script\u003e\n--------------------------------------------------------------------------------\n\n- Default credentials to router\u0027s web application not declared in the manual(CVE-2017-7317) NAO ENTENDI ESSA FRASE. \n\nPoC\nwget http://192.168.0.1/view/basic/GatewaySettings.bin\nstrings GatewaySettings.bin | grep -A 1 root\n\n\nTimeline\n2017-03-15 - First contact. Ignored by the vendor. \n2017-03-21 - Second contact. \n2017-03-22 - The vendor answered asking about the vulnerability. \n2017-03-27 - Asked the vendor about his security team contact informarion to report the vulnerability. \n2017-03-28 - The vendor answered saying that it is an old product, and they will check this vulnerabilities in the news products. \n2017-03-28 - Ask the vendor about a patch. \n2017-03-30 - Ask the vendor again about the patch. \n2017-04-03 - Notified the vendor about the disclousure after 90 days, even without a patch. \n2017-04-19 - Ask the vendor about a patch. \n2017-05-08 - Ask the vendor about a patch. \n2017-06-29 - Disclosure",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7315"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005294"
},
{
"db": "CNVD",
"id": "CNVD-2017-21541"
},
{
"db": "VULHUB",
"id": "VHN-115518"
},
{
"db": "PACKETSTORM",
"id": "143227"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7315",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005294",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1297",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-21541",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143227",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-115518",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21541"
},
{
"db": "VULHUB",
"id": "VHN-115518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005294"
},
{
"db": "PACKETSTORM",
"id": "143227"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1297"
},
{
"db": "NVD",
"id": "CVE-2017-7315"
}
]
},
"id": "VAR-201707-1080",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21541"
},
{
"db": "VULHUB",
"id": "VHN-115518"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21541"
}
]
},
"last_update_date": "2025-04-20T23:27:22.141000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://jp.humaxdigital.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005294"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005294"
},
{
"db": "NVD",
"id": "CVE-2017-7315"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://seclists.org/fulldisclosure/2017/jun/45"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7315"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7315"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/view/basic/gatewaysettings.bin"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7316"
},
{
"trust": 0.1,
"url": "http://192.168.0.1\u003cscript\u003ealert(\u0027xss\u0027)\u003c/script\u003e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21541"
},
{
"db": "VULHUB",
"id": "VHN-115518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005294"
},
{
"db": "PACKETSTORM",
"id": "143227"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1297"
},
{
"db": "NVD",
"id": "CVE-2017-7315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-21541"
},
{
"db": "VULHUB",
"id": "VHN-115518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005294"
},
{
"db": "PACKETSTORM",
"id": "143227"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1297"
},
{
"db": "NVD",
"id": "CVE-2017-7315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21541"
},
{
"date": "2017-07-04T00:00:00",
"db": "VULHUB",
"id": "VHN-115518"
},
{
"date": "2017-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005294"
},
{
"date": "2017-07-03T12:12:12",
"db": "PACKETSTORM",
"id": "143227"
},
{
"date": "2017-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1297"
},
{
"date": "2017-07-04T02:29:00.177000",
"db": "NVD",
"id": "CVE-2017-7315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21541"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-115518"
},
{
"date": "2017-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005294"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1297"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-7315"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1297"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Humax Digital HG100R Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005294"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1297"
}
],
"trust": 0.6
}
}
VAR-201707-1081
Vulnerability from variot - Updated: 2025-04-20 23:27An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page. Humax Digital HG100R Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The HumaxDigitalHG100R is a router from Humax Digital, Korea. A cross-site scripting vulnerability exists in the 404 page in the HumaxDigitalHG100R version 2.0.6. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. Humax Digital HG100R multiple vulnerabilities Device: Humax HG100R Software Version: VER 2.0.6
- Backup file download (CVE-2017-7315) An issue was discovered on Humax Digital HG100R 2.0.6 devices, a modem commonly used by ISPs to provide ADSL internet service to household and small business users. (CHECA ESSA INFO) To download the backup file it's not required the use of credentials or any authentication, and the router credentials are stored in plaintext inside the backup.
PoC wget http://192.168.0.1/view/basic/GatewaySettings.bin strings GatewaySettings.bin | grep -A 1 admin
- XSS Reflected(CVE-2017-7316) An issue was discovered on Humax Digital HG100R 2.0.6 devices. DESCREVE BREVEMENTE O QUE A XSS REFLECTED E FALA O QUE PODE FAZER COM O USUARIO USANDO ISSO.
PoC http://192.168.0.1alert('XSS')
- Default credentials to router's web application not declared in the manual(CVE-2017-7317) NAO ENTENDI ESSA FRASE. The attacker can find the root credentials in the backup file.
PoC wget http://192.168.0.1/view/basic/GatewaySettings.bin strings GatewaySettings.bin | grep -A 1 root
Timeline 2017-03-15 - First contact. Ignored by the vendor. 2017-03-21 - Second contact. 2017-03-22 - The vendor answered asking about the vulnerability. 2017-03-27 - Asked the vendor about his security team contact informarion to report the vulnerability. 2017-03-28 - The vendor answered saying that it is an old product, and they will check this vulnerabilities in the news products. 2017-03-28 - Ask the vendor about a patch. 2017-03-30 - Ask the vendor again about the patch. 2017-04-03 - Notified the vendor about the disclousure after 90 days, even without a patch. 2017-04-19 - Ask the vendor about a patch. 2017-05-08 - Ask the vendor about a patch. 2017-06-29 - Disclosure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-1081",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg100r",
"scope": "eq",
"trust": 1.6,
"vendor": "humaxdigital",
"version": "2.0.6"
},
{
"model": "hg100r",
"scope": "eq",
"trust": 1.4,
"vendor": "humax",
"version": "2.0.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
},
{
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:humaxdigital:hg100r_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Gambler",
"sources": [
{
"db": "PACKETSTORM",
"id": "143227"
}
],
"trust": 0.1
},
"cve": "CVE-2017-7316",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-7316",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-21544",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-115519",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2017-7316",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7316",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-7316",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-21544",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1296",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-115519",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-7316",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "VULHUB",
"id": "VHN-115519"
},
{
"db": "VULMON",
"id": "CVE-2017-7316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
},
{
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page. Humax Digital HG100R Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The HumaxDigitalHG100R is a router from Humax Digital, Korea. A cross-site scripting vulnerability exists in the 404 page in the HumaxDigitalHG100R version 2.0.6. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. Humax Digital HG100R multiple vulnerabilities\nDevice: Humax HG100R\nSoftware Version: VER 2.0.6\n\n- Backup file download (CVE-2017-7315)\nAn issue was discovered on Humax Digital HG100R 2.0.6 devices, a modem commonly used by ISPs to provide ADSL internet service to household and small business users. (CHECA ESSA INFO)\nTo download the backup file it\u0027s not required the use of credentials or any authentication, and the router credentials are stored in plaintext inside the backup. \n\nPoC\nwget http://192.168.0.1/view/basic/GatewaySettings.bin\nstrings GatewaySettings.bin | grep -A 1 admin\n--------------------------------------------------------------------------------\n\n- XSS Reflected(CVE-2017-7316)\nAn issue was discovered on Humax Digital HG100R 2.0.6 devices. DESCREVE BREVEMENTE O QUE A XSS REFLECTED E FALA O QUE PODE FAZER COM O USUARIO USANDO ISSO. \n\nPoC\nhttp://192.168.0.1\u003cscript\u003ealert(\u0027XSS\u0027)\u003c/script\u003e\n--------------------------------------------------------------------------------\n\n- Default credentials to router\u0027s web application not declared in the manual(CVE-2017-7317) NAO ENTENDI ESSA FRASE. \nThe attacker can find the root credentials in the backup file. \n\nPoC\nwget http://192.168.0.1/view/basic/GatewaySettings.bin\nstrings GatewaySettings.bin | grep -A 1 root\n\n\nTimeline\n2017-03-15 - First contact. Ignored by the vendor. \n2017-03-21 - Second contact. \n2017-03-22 - The vendor answered asking about the vulnerability. \n2017-03-27 - Asked the vendor about his security team contact informarion to report the vulnerability. \n2017-03-28 - The vendor answered saying that it is an old product, and they will check this vulnerabilities in the news products. \n2017-03-28 - Ask the vendor about a patch. \n2017-03-30 - Ask the vendor again about the patch. \n2017-04-03 - Notified the vendor about the disclousure after 90 days, even without a patch. \n2017-04-19 - Ask the vendor about a patch. \n2017-05-08 - Ask the vendor about a patch. \n2017-06-29 - Disclosure",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "VULHUB",
"id": "VHN-115519"
},
{
"db": "VULMON",
"id": "CVE-2017-7316"
},
{
"db": "PACKETSTORM",
"id": "143227"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7316",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1296",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-21544",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143227",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-115519",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-7316",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "VULHUB",
"id": "VHN-115519"
},
{
"db": "VULMON",
"id": "CVE-2017-7316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"db": "PACKETSTORM",
"id": "143227"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
},
{
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"id": "VAR-201707-1081",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "VULHUB",
"id": "VHN-115519"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
}
]
},
"last_update_date": "2025-04-20T23:27:22.105000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://jp.humaxdigital.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115519"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://seclists.org/fulldisclosure/2017/jun/45"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7316"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7316"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143227/humax-digital-hg100r-2.0.6-xss-information-disclosure.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7315"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/view/basic/gatewaysettings.bin"
},
{
"trust": 0.1,
"url": "http://192.168.0.1\u003cscript\u003ealert(\u0027xss\u0027)\u003c/script\u003e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "VULHUB",
"id": "VHN-115519"
},
{
"db": "VULMON",
"id": "CVE-2017-7316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"db": "PACKETSTORM",
"id": "143227"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
},
{
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "VULHUB",
"id": "VHN-115519"
},
{
"db": "VULMON",
"id": "CVE-2017-7316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"db": "PACKETSTORM",
"id": "143227"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
},
{
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"date": "2017-07-04T00:00:00",
"db": "VULHUB",
"id": "VHN-115519"
},
{
"date": "2017-07-04T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7316"
},
{
"date": "2017-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"date": "2017-07-03T12:12:12",
"db": "PACKETSTORM",
"id": "143227"
},
{
"date": "2017-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1296"
},
{
"date": "2017-07-04T02:29:00.223000",
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-115519"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7316"
},
{
"date": "2017-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"date": "2017-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1296"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Humax Digital HG100R Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
}
],
"trust": 0.6
}
}
VAR-201707-0540
Vulnerability from variot - Updated: 2025-04-20 21:28The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords. The HumaxWi-FiRouterHG100R is a router device from Humax Digital, Korea. An authentication bypass vulnerability exists in the HumaxWi-FiRouterHG100R version 2.0.6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0540",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg100r",
"scope": "eq",
"trust": 1.4,
"vendor": "humax",
"version": "2.0.6"
},
{
"model": "hg100r",
"scope": "eq",
"trust": 1.0,
"vendor": "humaxdigital",
"version": "2.0.6"
},
{
"model": "digital wi-fi router hg100r",
"scope": "eq",
"trust": 0.6,
"vendor": "humax",
"version": "2.0.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21709"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005960"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-914"
},
{
"db": "NVD",
"id": "CVE-2017-11435"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:humaxdigital:hg100r_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005960"
}
]
},
"cve": "CVE-2017-11435",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-11435",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-21709",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-101857",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-11435",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-11435",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11435",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-11435",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-21709",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-914",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-101857",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21709"
},
{
"db": "VULHUB",
"id": "VHN-101857"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005960"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-914"
},
{
"db": "NVD",
"id": "CVE-2017-11435"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url \u0027/api\u0027. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords. The HumaxWi-FiRouterHG100R is a router device from Humax Digital, Korea. An authentication bypass vulnerability exists in the HumaxWi-FiRouterHG100R version 2.0.6",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11435"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005960"
},
{
"db": "CNVD",
"id": "CNVD-2017-21709"
},
{
"db": "VULHUB",
"id": "VHN-101857"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-101857",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101857"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11435",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005960",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-914",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-21709",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "42732",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-101857",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-21709"
},
{
"db": "VULHUB",
"id": "VHN-101857"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005960"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-914"
},
{
"db": "NVD",
"id": "CVE-2017-11435"
}
]
},
"id": "VAR-201707-0540",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-21709"
},
{
"db": "VULHUB",
"id": "VHN-101857"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"network device"
],
"sub_category": "Wi-Fi router",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-21709"
}
]
},
"last_update_date": "2025-04-20T21:28:13.225000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://jp.humaxdigital.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005960"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101857"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005960"
},
{
"db": "NVD",
"id": "CVE-2017-11435"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://hackertor.com/2017/07/19/na-cve-2017-11435-the-humax-wi-fi-router-model-hg100r-2-0-6-is/"
},
{
"trust": 1.7,
"url": "https://www.trustwave.com/resources/security-advisories/advisories/multiple-vulnerabilities-in-humax-routers/?fid=9700"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11435"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11435"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-21709"
},
{
"db": "VULHUB",
"id": "VHN-101857"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005960"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-914"
},
{
"db": "NVD",
"id": "CVE-2017-11435"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-21709"
},
{
"db": "VULHUB",
"id": "VHN-101857"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005960"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-914"
},
{
"db": "NVD",
"id": "CVE-2017-11435"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21709"
},
{
"date": "2017-07-19T00:00:00",
"db": "VULHUB",
"id": "VHN-101857"
},
{
"date": "2017-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005960"
},
{
"date": "2017-07-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-914"
},
{
"date": "2017-07-19T07:29:00.220000",
"db": "NVD",
"id": "CVE-2017-11435"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21709"
},
{
"date": "2017-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-101857"
},
{
"date": "2017-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005960"
},
{
"date": "2021-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-914"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11435"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-914"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Humax Wi-Fi Router model HG100R Vulnerabilities that bypass authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005960"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-914"
}
],
"trust": 0.6
}
}