CVE-2017-11435

EPSS 10.05%
Veröffentlicht 19.07.2017 07:29:00
Zuletzt bearbeitet 13.05.2026 00:24:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Humaxdigital ≫ Hg100r Firmware Version2.0.6

Humaxdigital ≫ Hg100r Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.05%	0.95

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Humax-Routers/?fid=9700

Broken Link

https://hackertor.com/2017/07/19/na-cve-2017-11435-the-humax-wi-fi-router-model-hg100r-2-0-6-is/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-11435

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-11435

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-11435

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-11435