VAR-201707-1081
Vulnerability from variot - Updated: 2025-04-20 23:27An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page. Humax Digital HG100R Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The HumaxDigitalHG100R is a router from Humax Digital, Korea. A cross-site scripting vulnerability exists in the 404 page in the HumaxDigitalHG100R version 2.0.6. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. Humax Digital HG100R multiple vulnerabilities Device: Humax HG100R Software Version: VER 2.0.6
- Backup file download (CVE-2017-7315) An issue was discovered on Humax Digital HG100R 2.0.6 devices, a modem commonly used by ISPs to provide ADSL internet service to household and small business users. (CHECA ESSA INFO) To download the backup file it's not required the use of credentials or any authentication, and the router credentials are stored in plaintext inside the backup.
PoC wget http://192.168.0.1/view/basic/GatewaySettings.bin strings GatewaySettings.bin | grep -A 1 admin
- XSS Reflected(CVE-2017-7316) An issue was discovered on Humax Digital HG100R 2.0.6 devices. DESCREVE BREVEMENTE O QUE A XSS REFLECTED E FALA O QUE PODE FAZER COM O USUARIO USANDO ISSO.
PoC http://192.168.0.1alert('XSS')
- Default credentials to router's web application not declared in the manual(CVE-2017-7317) NAO ENTENDI ESSA FRASE. The attacker can find the root credentials in the backup file.
PoC wget http://192.168.0.1/view/basic/GatewaySettings.bin strings GatewaySettings.bin | grep -A 1 root
Timeline 2017-03-15 - First contact. Ignored by the vendor. 2017-03-21 - Second contact. 2017-03-22 - The vendor answered asking about the vulnerability. 2017-03-27 - Asked the vendor about his security team contact informarion to report the vulnerability. 2017-03-28 - The vendor answered saying that it is an old product, and they will check this vulnerabilities in the news products. 2017-03-28 - Ask the vendor about a patch. 2017-03-30 - Ask the vendor again about the patch. 2017-04-03 - Notified the vendor about the disclousure after 90 days, even without a patch. 2017-04-19 - Ask the vendor about a patch. 2017-05-08 - Ask the vendor about a patch. 2017-06-29 - Disclosure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-1081",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg100r",
"scope": "eq",
"trust": 1.6,
"vendor": "humaxdigital",
"version": "2.0.6"
},
{
"model": "hg100r",
"scope": "eq",
"trust": 1.4,
"vendor": "humax",
"version": "2.0.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
},
{
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:humaxdigital:hg100r_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Gambler",
"sources": [
{
"db": "PACKETSTORM",
"id": "143227"
}
],
"trust": 0.1
},
"cve": "CVE-2017-7316",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-7316",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-21544",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-115519",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2017-7316",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7316",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-7316",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-21544",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1296",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-115519",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-7316",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "VULHUB",
"id": "VHN-115519"
},
{
"db": "VULMON",
"id": "CVE-2017-7316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
},
{
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page. Humax Digital HG100R Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The HumaxDigitalHG100R is a router from Humax Digital, Korea. A cross-site scripting vulnerability exists in the 404 page in the HumaxDigitalHG100R version 2.0.6. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. Humax Digital HG100R multiple vulnerabilities\nDevice: Humax HG100R\nSoftware Version: VER 2.0.6\n\n- Backup file download (CVE-2017-7315)\nAn issue was discovered on Humax Digital HG100R 2.0.6 devices, a modem commonly used by ISPs to provide ADSL internet service to household and small business users. (CHECA ESSA INFO)\nTo download the backup file it\u0027s not required the use of credentials or any authentication, and the router credentials are stored in plaintext inside the backup. \n\nPoC\nwget http://192.168.0.1/view/basic/GatewaySettings.bin\nstrings GatewaySettings.bin | grep -A 1 admin\n--------------------------------------------------------------------------------\n\n- XSS Reflected(CVE-2017-7316)\nAn issue was discovered on Humax Digital HG100R 2.0.6 devices. DESCREVE BREVEMENTE O QUE A XSS REFLECTED E FALA O QUE PODE FAZER COM O USUARIO USANDO ISSO. \n\nPoC\nhttp://192.168.0.1\u003cscript\u003ealert(\u0027XSS\u0027)\u003c/script\u003e\n--------------------------------------------------------------------------------\n\n- Default credentials to router\u0027s web application not declared in the manual(CVE-2017-7317) NAO ENTENDI ESSA FRASE. \nThe attacker can find the root credentials in the backup file. \n\nPoC\nwget http://192.168.0.1/view/basic/GatewaySettings.bin\nstrings GatewaySettings.bin | grep -A 1 root\n\n\nTimeline\n2017-03-15 - First contact. Ignored by the vendor. \n2017-03-21 - Second contact. \n2017-03-22 - The vendor answered asking about the vulnerability. \n2017-03-27 - Asked the vendor about his security team contact informarion to report the vulnerability. \n2017-03-28 - The vendor answered saying that it is an old product, and they will check this vulnerabilities in the news products. \n2017-03-28 - Ask the vendor about a patch. \n2017-03-30 - Ask the vendor again about the patch. \n2017-04-03 - Notified the vendor about the disclousure after 90 days, even without a patch. \n2017-04-19 - Ask the vendor about a patch. \n2017-05-08 - Ask the vendor about a patch. \n2017-06-29 - Disclosure",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "VULHUB",
"id": "VHN-115519"
},
{
"db": "VULMON",
"id": "CVE-2017-7316"
},
{
"db": "PACKETSTORM",
"id": "143227"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7316",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1296",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-21544",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143227",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-115519",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-7316",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "VULHUB",
"id": "VHN-115519"
},
{
"db": "VULMON",
"id": "CVE-2017-7316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"db": "PACKETSTORM",
"id": "143227"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
},
{
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"id": "VAR-201707-1081",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "VULHUB",
"id": "VHN-115519"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
}
]
},
"last_update_date": "2025-04-20T23:27:22.105000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://jp.humaxdigital.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115519"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://seclists.org/fulldisclosure/2017/jun/45"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7316"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7316"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/143227/humax-digital-hg100r-2.0.6-xss-information-disclosure.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7315"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/view/basic/gatewaysettings.bin"
},
{
"trust": 0.1,
"url": "http://192.168.0.1\u003cscript\u003ealert(\u0027xss\u0027)\u003c/script\u003e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "VULHUB",
"id": "VHN-115519"
},
{
"db": "VULMON",
"id": "CVE-2017-7316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"db": "PACKETSTORM",
"id": "143227"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
},
{
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "VULHUB",
"id": "VHN-115519"
},
{
"db": "VULMON",
"id": "CVE-2017-7316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"db": "PACKETSTORM",
"id": "143227"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
},
{
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"date": "2017-07-04T00:00:00",
"db": "VULHUB",
"id": "VHN-115519"
},
{
"date": "2017-07-04T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7316"
},
{
"date": "2017-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"date": "2017-07-03T12:12:12",
"db": "PACKETSTORM",
"id": "143227"
},
{
"date": "2017-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1296"
},
{
"date": "2017-07-04T02:29:00.223000",
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-115519"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7316"
},
{
"date": "2017-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005295"
},
{
"date": "2017-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1296"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-7316"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Humax Digital HG100R Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21544"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1296"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…