Published: 12/09/2017 Updated: 28/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hbgk hb7024xt_firmware -
hbgk hb7032xt_firmware -
hbgk hb7008t2_firmware -
hbgk hb7016t2_firmware -
hbgk hb7204xt_firmware -
hbgk hb7208xt_firmware -
hbgk hb7216xt_firmware -
hbgk hb7208x3_firmware -
hbgk hb7216x3_firmware -
hbgk hb7204x_firmware -
hbgk hb7208x_firmware -
hbgk hb7216x_firmware -
hbgk 7204xr_firmware -
hbgk 7208xr_firmware -
hbgk 7216xr_firmware -
hbgk hb7004k_firmware -
hbgk hb7004kh_firmware -
hbgk hb7008kc_firmware -
hbgk hb7008kce_firmware -
hbgk hb7008kh_firmware -
hbgk hb7008khe_firmware -
hbgk hb7204kl_firmware -
hbgk hb7204kk_firmware -
hbgk hb7016lc_firmware -
hbgk hb7016lh_firmware -
hbgk hb7116x3_firmware -
hbgk hb7108x3_firmware -
hbgk hb8004_firmware -
hbgk hb8008_firmware -
hbgk hb8016_firmware -
hbgk hb8004r_firmware -
hbgk hb8008r_firmware -
hbgk hb8016r_firmware -
hbgk hb8204h_firmware -
hbgk hb8208h_firmware -
hbgk hb8216h_firmware -
hbgk hb8204hr_firmware -
hbgk hb8208hr_firmware -
hbgk hb8216hr_firmware -
hbgk hb8208x3_firmware -
hbgk hb8216x3_firmware -
hbgk hb8608x3_firmware -
hbgk hb8616x3_firmware -
hbgk hb8808x3_firmware -
hbgk hb8816x3_firmware -
hbgk hb9404x3_firmware -
hbgk hb9408x3_firmware -
hbgk hb9604x3_firmware -
hbgk hb9608x3_firmware -
hbgk hb9012x3_firmware -
hbgk hb9020x3_firmware -
hbgk hb9212x3_firmware -
hbgk hb9220x3_firmware -
hbgk hb7904_firmware -
hbgk hb7908_firmware -
hbgk hb7916s_firmware -
hbgk hb7904x_firmware -
hbgk hb7908x_firmware -
hbgk hb7916sx_firmware -
hbgk hb9904_firmware -
hbgk hb9908_firmware -
hbgk hb9912_firmware -
hbgk hb9916_firmware -
hbgk hb9924_firmware -
hbgk hb9932_firmware -
hbgk hb9808n04_firmware -
hbgk hb9816n08_firmware -
hbgk hb9824n16_firmware -
hbgk hb9832n16_firmware -

## Vulnerability summary The following advisory describes an arbitrary password change vulnerability found in Hanbanggaoke webcams Beijing Hanbang Technology, “one of the first enterprises entering into digital video surveillance industry, has been focusing on R&D of products and technology of digital video surveillance field While providi ...

CWE-20 https://blogs.securiteam.com/index.php/archives/3420 https://nvd.nist.gov https://www.exploit-db.com/exploits/44061/

CVE-2017-14335

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect