CVE-2017-7315

Exploit

EPSS 0.89%
Veröffentlicht 04.07.2017 02:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Humaxdigital ≫ Hg100r Firmware Version2.0.6

Humaxdigital ≫ Hg100r Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.89%	0.734

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

http://seclists.org/fulldisclosure/2017/Jun/45

Exploit

VDB Entry

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2017-7315

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-7315

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-7315

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-7315