Details of VAR-201707-1080

ID

VAR-201707-1080

CVE

CVE-2017-7315

TITLE

Humax Digital HG100R Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-005294

DESCRIPTION

An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin. Humax Digital HG100R Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The HumaxDigitalHG100R is a router from Humax Digital, Korea. A security vulnerability exists in the HumaxDigitalHG100R version 2.0.6. Humax Digital HG100R multiple vulnerabilities Device: Humax HG100R Software Version: VER 2.0.6 - Backup file download (CVE-2017-7315) An issue was discovered on Humax Digital HG100R 2.0.6 devices, a modem commonly used by ISPs to provide ADSL internet service to household and small business users. PoC wget http://192.168.0.1/view/basic/GatewaySettings.bin strings GatewaySettings.bin | grep -A 1 admin -------------------------------------------------------------------------------- - XSS Reflected(CVE-2017-7316) An issue was discovered on Humax Digital HG100R 2.0.6 devices. DESCREVE BREVEMENTE O QUE A XSS REFLECTED E FALA O QUE PODE FAZER COM O USUARIO USANDO ISSO. There is XSS reflected on the 404 page. PoC http://192.168.0.1<script>alert('XSS')</script> -------------------------------------------------------------------------------- - Default credentials to router's web application not declared in the manual(CVE-2017-7317) NAO ENTENDI ESSA FRASE. PoC wget http://192.168.0.1/view/basic/GatewaySettings.bin strings GatewaySettings.bin | grep -A 1 root Timeline 2017-03-15 - First contact. Ignored by the vendor. 2017-03-21 - Second contact. 2017-03-22 - The vendor answered asking about the vulnerability. 2017-03-27 - Asked the vendor about his security team contact informarion to report the vulnerability. 2017-03-28 - The vendor answered saying that it is an old product, and they will check this vulnerabilities in the news products. 2017-03-28 - Ask the vendor about a patch. 2017-03-30 - Ask the vendor again about the patch. 2017-04-03 - Notified the vendor about the disclousure after 90 days, even without a patch. 2017-04-19 - Ask the vendor about a patch. 2017-05-08 - Ask the vendor about a patch. 2017-06-29 - Disclosure

Trust: 2.34

sources: NVD: CVE-2017-7315 // JVNDB: JVNDB-2017-005294 // CNVD: CNVD-2017-21541 // VULHUB: VHN-115518 // PACKETSTORM: 143227

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-21541

AFFECTED PRODUCTS

vendor:	humaxdigital	model:	hg100r	scope:	eq	version:	2.0.6	Trust: 1.6
vendor:	humax	model:	hg100r	scope:	eq	version:	2.0.6	Trust: 1.4

sources: CNVD: CNVD-2017-21541 // JVNDB: JVNDB-2017-005294 // CNNVD: CNNVD-201703-1297 // NVD: CVE-2017-7315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7315
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-7315
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-21541
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201703-1297
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-115518
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-7315
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-21541
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-115518
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7315
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-21541 // VULHUB: VHN-115518 // JVNDB: JVNDB-2017-005294 // CNNVD: CNNVD-201703-1297 // NVD: CVE-2017-7315

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.1
problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-115518 // JVNDB: JVNDB-2017-005294 // NVD: CVE-2017-7315

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1297

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201703-1297

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005294

PATCH

title:

Top Page

url:

https://jp.humaxdigital.com/

Trust: 0.8

sources: JVNDB: JVNDB-2017-005294

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7315	Trust: 3.2
db:	JVNDB	id:	JVNDB-2017-005294	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-1297	Trust: 0.7
db:	CNVD	id:	CNVD-2017-21541	Trust: 0.6
db:	PACKETSTORM	id:	143227	Trust: 0.2
db:	VULHUB	id:	VHN-115518	Trust: 0.1

sources: CNVD: CNVD-2017-21541 // VULHUB: VHN-115518 // JVNDB: JVNDB-2017-005294 // PACKETSTORM: 143227 // CNNVD: CNNVD-201703-1297 // NVD: CVE-2017-7315

REFERENCES

url:	http://seclists.org/fulldisclosure/2017/jun/45	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7315	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7315	Trust: 0.8
url:	http://192.168.0.1/view/basic/gatewaysettings.bin	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7316	Trust: 0.1
url:	http://192.168.0.1<script>alert('xss')</script>	Trust: 0.1

sources: CNVD: CNVD-2017-21541 // VULHUB: VHN-115518 // JVNDB: JVNDB-2017-005294 // PACKETSTORM: 143227 // CNNVD: CNNVD-201703-1297 // NVD: CVE-2017-7315

CREDITS

The Gambler

Trust: 0.1

sources: PACKETSTORM: 143227

SOURCES

db:	CNVD	id:	CNVD-2017-21541
db:	VULHUB	id:	VHN-115518
db:	JVNDB	id:	JVNDB-2017-005294
db:	PACKETSTORM	id:	143227
db:	CNNVD	id:	CNNVD-201703-1297
db:	NVD	id:	CVE-2017-7315

LAST UPDATE DATE

2025-04-20T23:27:22.141000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-21541	date:	2017-08-17T00:00:00
db:	VULHUB	id:	VHN-115518	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-005294	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201703-1297	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-7315	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-21541	date:	2017-08-17T00:00:00
db:	VULHUB	id:	VHN-115518	date:	2017-07-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-005294	date:	2017-07-26T00:00:00
db:	PACKETSTORM	id:	143227	date:	2017-07-03T12:12:12
db:	CNNVD	id:	CNNVD-201703-1297	date:	2017-03-30T00:00:00
db:	NVD	id:	CVE-2017-7315	date:	2017-07-04T02:29:00.177