Details of VAR-201707-1082

ID

VAR-201707-1082

CVE

CVE-2017-7317

TITLE

Humax Digital HG100 Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-005296

DESCRIPTION

An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin. Humax Digital HG100 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The HumaxDigitalHG100R is a router from Humax Digital, Korea. A security vulnerability exists in the HumaxDigitalHG100R version 2.0.6

Trust: 2.34

sources: NVD: CVE-2017-7317 // JVNDB: JVNDB-2017-005296 // CNVD: CNVD-2017-21545 // VULHUB: VHN-115520 // VULMON: CVE-2017-7317

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-21545

AFFECTED PRODUCTS

vendor:	humaxdigital	model:	hg100r	scope:	eq	version:	2.0.6	Trust: 1.6
vendor:	humax	model:	hg100r	scope:	eq	version:	2.0.6	Trust: 1.4

sources: CNVD: CNVD-2017-21545 // JVNDB: JVNDB-2017-005296 // CNNVD: CNNVD-201703-1295 // NVD: CVE-2017-7317

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7317
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-7317
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-21545
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201703-1295
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-115520
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-7317
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-7317
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-21545
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-115520
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7317
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-21545 // VULHUB: VHN-115520 // VULMON: CVE-2017-7317 // JVNDB: JVNDB-2017-005296 // CNNVD: CNNVD-201703-1295 // NVD: CVE-2017-7317

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-115520 // JVNDB: JVNDB-2017-005296 // NVD: CVE-2017-7317

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1295

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201703-1295

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005296

PATCH

title:	Top Page	url:	https://jp.humaxdigital.com/	Trust: 0.8
title:	TC7337	url:	https://github.com/RioIsDown/TC7337	Trust: 0.1
title:	HGB10R-2	url:	https://github.com/V1n1v131r4/HGB10R-2	Trust: 0.1

sources: VULMON: CVE-2017-7317 // JVNDB: JVNDB-2017-005296

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7317	Trust: 3.2
db:	JVNDB	id:	JVNDB-2017-005296	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-1295	Trust: 0.7
db:	CNVD	id:	CNVD-2017-21545	Trust: 0.6
db:	VULHUB	id:	VHN-115520	Trust: 0.1
db:	VULMON	id:	CVE-2017-7317	Trust: 0.1

sources: CNVD: CNVD-2017-21545 // VULHUB: VHN-115520 // VULMON: CVE-2017-7317 // JVNDB: JVNDB-2017-005296 // CNNVD: CNNVD-201703-1295 // NVD: CVE-2017-7317

REFERENCES

url:	http://seclists.org/fulldisclosure/2017/jun/45	Trust: 3.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7317	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7317	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://github.com/rioisdown/tc7337	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-21545 // VULHUB: VHN-115520 // VULMON: CVE-2017-7317 // JVNDB: JVNDB-2017-005296 // CNNVD: CNNVD-201703-1295 // NVD: CVE-2017-7317

SOURCES

db:	CNVD	id:	CNVD-2017-21545
db:	VULHUB	id:	VHN-115520
db:	VULMON	id:	CVE-2017-7317
db:	JVNDB	id:	JVNDB-2017-005296
db:	CNNVD	id:	CNNVD-201703-1295
db:	NVD	id:	CVE-2017-7317

LAST UPDATE DATE

2025-04-20T23:42:11.052000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-21545	date:	2017-08-17T00:00:00
db:	VULHUB	id:	VHN-115520	date:	2017-07-07T00:00:00
db:	VULMON	id:	CVE-2017-7317	date:	2017-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-005296	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201703-1295	date:	2017-07-05T00:00:00
db:	NVD	id:	CVE-2017-7317	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-21545	date:	2017-08-17T00:00:00
db:	VULHUB	id:	VHN-115520	date:	2017-07-04T00:00:00
db:	VULMON	id:	CVE-2017-7317	date:	2017-07-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-005296	date:	2017-07-26T00:00:00
db:	CNNVD	id:	CNNVD-201703-1295	date:	2017-03-30T00:00:00
db:	NVD	id:	CVE-2017-7317	date:	2017-07-04T02:29:00.253