Details of VAR-201707-1081

ID

VAR-201707-1081

CVE

CVE-2017-7316

TITLE

Humax Digital HG100R Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-21544 // CNNVD: CNNVD-201703-1296

DESCRIPTION

An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page. Humax Digital HG100R Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The HumaxDigitalHG100R is a router from Humax Digital, Korea. A cross-site scripting vulnerability exists in the 404 page in the HumaxDigitalHG100R version 2.0.6. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. Humax Digital HG100R multiple vulnerabilities Device: Humax HG100R Software Version: VER 2.0.6 - Backup file download (CVE-2017-7315) An issue was discovered on Humax Digital HG100R 2.0.6 devices, a modem commonly used by ISPs to provide ADSL internet service to household and small business users. (CHECA ESSA INFO) To download the backup file it's not required the use of credentials or any authentication, and the router credentials are stored in plaintext inside the backup. PoC wget http://192.168.0.1/view/basic/GatewaySettings.bin strings GatewaySettings.bin | grep -A 1 admin -------------------------------------------------------------------------------- - XSS Reflected(CVE-2017-7316) An issue was discovered on Humax Digital HG100R 2.0.6 devices. DESCREVE BREVEMENTE O QUE A XSS REFLECTED E FALA O QUE PODE FAZER COM O USUARIO USANDO ISSO. PoC http://192.168.0.1<script>alert('XSS')</script> -------------------------------------------------------------------------------- - Default credentials to router's web application not declared in the manual(CVE-2017-7317) NAO ENTENDI ESSA FRASE. The attacker can find the root credentials in the backup file. PoC wget http://192.168.0.1/view/basic/GatewaySettings.bin strings GatewaySettings.bin | grep -A 1 root Timeline 2017-03-15 - First contact. Ignored by the vendor. 2017-03-21 - Second contact. 2017-03-22 - The vendor answered asking about the vulnerability. 2017-03-27 - Asked the vendor about his security team contact informarion to report the vulnerability. 2017-03-28 - The vendor answered saying that it is an old product, and they will check this vulnerabilities in the news products. 2017-03-28 - Ask the vendor about a patch. 2017-03-30 - Ask the vendor again about the patch. 2017-04-03 - Notified the vendor about the disclousure after 90 days, even without a patch. 2017-04-19 - Ask the vendor about a patch. 2017-05-08 - Ask the vendor about a patch. 2017-06-29 - Disclosure

Trust: 2.43

sources: NVD: CVE-2017-7316 // JVNDB: JVNDB-2017-005295 // CNVD: CNVD-2017-21544 // VULHUB: VHN-115519 // VULMON: CVE-2017-7316 // PACKETSTORM: 143227

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-21544

AFFECTED PRODUCTS

vendor:	humaxdigital	model:	hg100r	scope:	eq	version:	2.0.6	Trust: 1.6
vendor:	humax	model:	hg100r	scope:	eq	version:	2.0.6	Trust: 1.4

sources: CNVD: CNVD-2017-21544 // JVNDB: JVNDB-2017-005295 // CNNVD: CNNVD-201703-1296 // NVD: CVE-2017-7316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7316
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-7316
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-21544
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201703-1296
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-115519
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-7316
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-7316
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-21544
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-115519
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7316
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-21544 // VULHUB: VHN-115519 // VULMON: CVE-2017-7316 // JVNDB: JVNDB-2017-005295 // CNNVD: CNNVD-201703-1296 // NVD: CVE-2017-7316

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-115519 // JVNDB: JVNDB-2017-005295 // NVD: CVE-2017-7316

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1296

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201703-1296

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005295

PATCH

title:

Top Page

url:

https://jp.humaxdigital.com/

Trust: 0.8

sources: JVNDB: JVNDB-2017-005295

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7316	Trust: 3.3
db:	JVNDB	id:	JVNDB-2017-005295	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-1296	Trust: 0.7
db:	CNVD	id:	CNVD-2017-21544	Trust: 0.6
db:	PACKETSTORM	id:	143227	Trust: 0.2
db:	VULHUB	id:	VHN-115519	Trust: 0.1
db:	VULMON	id:	CVE-2017-7316	Trust: 0.1

sources: CNVD: CNVD-2017-21544 // VULHUB: VHN-115519 // VULMON: CVE-2017-7316 // JVNDB: JVNDB-2017-005295 // PACKETSTORM: 143227 // CNNVD: CNNVD-201703-1296 // NVD: CVE-2017-7316

REFERENCES

url:	http://seclists.org/fulldisclosure/2017/jun/45	Trust: 3.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7316	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7316	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://packetstormsecurity.com/files/143227/humax-digital-hg100r-2.0.6-xss-information-disclosure.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7315	Trust: 0.1
url:	http://192.168.0.1/view/basic/gatewaysettings.bin	Trust: 0.1
url:	http://192.168.0.1<script>alert('xss')</script>	Trust: 0.1

CREDITS

The Gambler

Trust: 0.1

sources: PACKETSTORM: 143227

SOURCES

db:	CNVD	id:	CNVD-2017-21544
db:	VULHUB	id:	VHN-115519
db:	VULMON	id:	CVE-2017-7316
db:	JVNDB	id:	JVNDB-2017-005295
db:	PACKETSTORM	id:	143227
db:	CNNVD	id:	CNNVD-201703-1296
db:	NVD	id:	CVE-2017-7316

LAST UPDATE DATE

2025-04-20T23:27:22.105000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-21544	date:	2017-08-17T00:00:00
db:	VULHUB	id:	VHN-115519	date:	2017-07-07T00:00:00
db:	VULMON	id:	CVE-2017-7316	date:	2017-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-005295	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201703-1296	date:	2017-07-05T00:00:00
db:	NVD	id:	CVE-2017-7316	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-21544	date:	2017-08-17T00:00:00
db:	VULHUB	id:	VHN-115519	date:	2017-07-04T00:00:00
db:	VULMON	id:	CVE-2017-7316	date:	2017-07-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-005295	date:	2017-07-26T00:00:00
db:	PACKETSTORM	id:	143227	date:	2017-07-03T12:12:12
db:	CNNVD	id:	CNNVD-201703-1296	date:	2017-03-30T00:00:00
db:	NVD	id:	CVE-2017-7316	date:	2017-07-04T02:29:00.223