CVE-2017-7315

An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin.
References
Link Resource
http://seclists.org/fulldisclosure/2017/Jun/45 Exploit Mailing List VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:humaxdigital:hg100r_firmware:2.0.6:*:*:*:*:*:*:*
cpe:2.3:h:humaxdigital:hg100r:-:*:*:*:*:*:*:*

Information

Published : 2017-07-03 19:29

Updated : 2019-10-02 17:03


NVD link : CVE-2017-7315

Mitre link : CVE-2017-7315


JSON object : View

CWE
CWE-522

Insufficiently Protected Credentials

CWE-306

Missing Authentication for Critical Function

Advertisement

dedicated server usa

Products Affected

humaxdigital

  • hg100r_firmware
  • hg100r