Published: 19/07/2017 Updated: 21/06/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords.

Vulnerable Product	Search on Vulmon	Subscribe to Product
humaxdigital hg100r_firmware 2.0.6

# coding: utf-8 # Exploit Title: Humax HG100R-* Authentication Bypass # Date: 14/09/2017 # Exploit Author: Kivson # Vendor Homepage: humaxdigitalcom # Version: VER 206 # Tested on: OSX Linux # CVE : CVE-2017-11435 # The Humax Wi-Fi Router model HG100R-* 206 is prone to an authentication bypass vulnerability via specially # crafted re ...

CWE-200 https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Humax-Routers/?fid=9700 https://hackertor.com/2017/07/19/na-cve-2017-11435-the-humax-wi-fi-router-model-hg100r-2-0-6-is/https://nvd.nist.gov https://www.exploit-db.com/exploits/42732/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-11435

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect