Published: 31/01/2018 Updated: 28/02/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address.

Vulnerable Product	Search on Vulmon	Subscribe to Product
anchorfree hotspot shield -

## Vulnerability Summary The following advisory describes a information disclosure found in Hotspot Shield Hotspot Shield “provides secure and private access to a free and open internet Enabling access to social networks, sports, audio and video streaming, news, dating, gaming wherever you are” ## Credit An independent security researcher, ...

CWE-200 https://blogs.securiteam.com/index.php/archives/3604 https://www.exploit-db.com/exploits/44042/https://nvd.nist.gov https://www.exploit-db.com/exploits/44042/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-6460

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect