Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for s00111_firmware by starry
CVE-2017-13718 (GCVE-0-2017-13718)
Vulnerability from nvd – Published: 2019-06-10 21:31 – Updated: 2024-08-05 19:05
VLAI?
Summary
The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the device uses custom Python code called "rodman" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router's HTTP interface when a user navigates to the attacker's website, and brute force the credentials. Also, since the device's server sets the Access-Control-Allow-Origin header to "*", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2019-06-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190609 Newly releases IoT security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device\u0027s port to the Internet. It was identified that the device uses custom Python code called \"rodman\" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router\u0027s HTTP interface when a user navigates to the attacker\u0027s website, and brute force the credentials. Also, since the device\u0027s server sets the Access-Control-Allow-Origin header to \"*\", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-10T22:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190609 Newly releases IoT security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device\u0027s port to the Internet. It was identified that the device uses custom Python code called \"rodman\" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router\u0027s HTTP interface when a user navigates to the attacker\u0027s website, and brute force the credentials. Also, since the device\u0027s server sets the Access-Control-Allow-Origin header to \"*\", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190609 Newly releases IoT security issues",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"name": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf",
"refsource": "MISC",
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf"
},
{
"name": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13718",
"datePublished": "2019-06-10T21:31:30.000Z",
"dateReserved": "2017-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:05:19.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13717 (GCVE-0-2017-13717)
Vulnerability from nvd – Published: 2019-06-10 21:35 – Updated: 2024-08-05 19:05
VLAI?
Summary
Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*". This allows any hosted file on any domain to make calls to the device's webserver and brute force the credentials and pull any information that is stored on the device. In this case, a user's Wi-Fi credentials are stored in clear text on the device and can be pulled easily.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2019-06-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190609 Newly releases IoT security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to \"*\". This allows any hosted file on any domain to make calls to the device\u0027s webserver and brute force the credentials and pull any information that is stored on the device. In this case, a user\u0027s Wi-Fi credentials are stored in clear text on the device and can be pulled easily."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-10T22:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190609 Newly releases IoT security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to \"*\". This allows any hosted file on any domain to make calls to the device\u0027s webserver and brute force the credentials and pull any information that is stored on the device. In this case, a user\u0027s Wi-Fi credentials are stored in clear text on the device and can be pulled easily."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190609 Newly releases IoT security issues",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"name": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf",
"refsource": "MISC",
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf"
},
{
"name": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13717",
"datePublished": "2019-06-10T21:35:19.000Z",
"dateReserved": "2017-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:05:19.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13717 (GCVE-0-2017-13717)
Vulnerability from cvelistv5 – Published: 2019-06-10 21:35 – Updated: 2024-08-05 19:05
VLAI?
Summary
Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*". This allows any hosted file on any domain to make calls to the device's webserver and brute force the credentials and pull any information that is stored on the device. In this case, a user's Wi-Fi credentials are stored in clear text on the device and can be pulled easily.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2019-06-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190609 Newly releases IoT security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to \"*\". This allows any hosted file on any domain to make calls to the device\u0027s webserver and brute force the credentials and pull any information that is stored on the device. In this case, a user\u0027s Wi-Fi credentials are stored in clear text on the device and can be pulled easily."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-10T22:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190609 Newly releases IoT security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to \"*\". This allows any hosted file on any domain to make calls to the device\u0027s webserver and brute force the credentials and pull any information that is stored on the device. In this case, a user\u0027s Wi-Fi credentials are stored in clear text on the device and can be pulled easily."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190609 Newly releases IoT security issues",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"name": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf",
"refsource": "MISC",
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf"
},
{
"name": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13717",
"datePublished": "2019-06-10T21:35:19.000Z",
"dateReserved": "2017-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:05:19.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-13718 (GCVE-0-2017-13718)
Vulnerability from cvelistv5 – Published: 2019-06-10 21:31 – Updated: 2024-08-05 19:05
VLAI?
Summary
The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the device uses custom Python code called "rodman" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router's HTTP interface when a user navigates to the attacker's website, and brute force the credentials. Also, since the device's server sets the Access-Control-Allow-Origin header to "*", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2019-06-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:05:19.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190609 Newly releases IoT security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device\u0027s port to the Internet. It was identified that the device uses custom Python code called \"rodman\" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router\u0027s HTTP interface when a user navigates to the attacker\u0027s website, and brute force the credentials. Also, since the device\u0027s server sets the Access-Control-Allow-Origin header to \"*\", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-10T22:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190609 Newly releases IoT security issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device\u0027s port to the Internet. It was identified that the device uses custom Python code called \"rodman\" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router\u0027s HTTP interface when a user navigates to the attacker\u0027s website, and brute force the credentials. Also, since the device\u0027s server sets the Access-Control-Allow-Origin header to \"*\", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190609 Newly releases IoT security issues",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"name": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf",
"refsource": "MISC",
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf"
},
{
"name": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-13718",
"datePublished": "2019-06-10T21:31:30.000Z",
"dateReserved": "2017-08-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:05:19.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}