Details of VAR-201709-0416

ID

VAR-201709-0416

CVE

CVE-2017-14335

TITLE

Beijing Hanbang Hanbanggaoke Vulnerability related to input validation on devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-008350

DESCRIPTION

On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. Beijing Hanbang Hanbanggaoke The device contains an input validation vulnerability.Information may be tampered with. BeijingHanbangHanbanggaokeIPCamera is a network camera of China Hanbang Hi-Tech. BeijingHanbangHanbanggaokeIPCamera/ISAPI/Security/users/1 handles security vulnerabilities in requests, allowing remote attackers to exploit vulnerabilities to submit special requests and change administrator passwords. There is a security vulnerability in Beijing Hanbang Hanbanggaoke IP Camera, which is caused by the program's insufficient filtering input

Trust: 2.34

sources: NVD: CVE-2017-14335 // JVNDB: JVNDB-2017-008350 // CNVD: CNVD-2017-33723 // VULHUB: VHN-105047 // VULMON: CVE-2017-14335

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-33723

AFFECTED PRODUCTS

vendor:	hbgk	model:	hb9912	scope:	eq	version:	-	Trust: 1.6
vendor:	hbgk	model:	7204xr	scope:	eq	version:	-	Trust: 1.6
vendor:	hbgk	model:	7216xr	scope:	eq	version:	-	Trust: 1.6
vendor:	hbgk	model:	hb7208x	scope:	eq	version:	-	Trust: 1.6
vendor:	hbgk	model:	hb7004k	scope:	eq	version:	-	Trust: 1.6
vendor:	hbgk	model:	hb8204hr	scope:	eq	version:	-	Trust: 1.6
vendor:	hbgk	model:	hb7004kh	scope:	eq	version:	-	Trust: 1.6
vendor:	hbgk	model:	hb7216x	scope:	eq	version:	-	Trust: 1.6
vendor:	hbgk	model:	7208xr	scope:	eq	version:	-	Trust: 1.6
vendor:	hbgk	model:	hb7008kc	scope:	eq	version:	-	Trust: 1.6
vendor:	hbgk	model:	hb9832n16	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9020x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9904	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7204x	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7008kce	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7116x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8204h	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9212x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9824n16	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8216h	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7208xt	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9408x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8216hr	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8816x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7904	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9908	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7204kk	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8208hr	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7016lh	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8608x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9220x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7016lc	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8208x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7016t2	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9604x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7008khe	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9916	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8016r	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7008t2	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7216x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7108x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8208h	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8216x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7032xt	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8016	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9608x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9924	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9404x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9012x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8808x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8616x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8004	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7904x	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7208x3	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7908x	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7908	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9932	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7008kh	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8008	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7204kl	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8004r	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9808n04	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7916s	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7216xt	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7916sx	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb9816n08	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb8008r	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7024xt	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk	model:	hb7204xt	scope:	eq	version:	-	Trust: 1.0
vendor:	hbgk net	model:	7204xr	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb7004kh	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb7008kc	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb7008kce	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb7008kh	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb7008khe	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb7008t2	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb7016lc	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb7016lh	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb7016t2	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb8004	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb8004r	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb8008	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb8008r	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb8016	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb8016r	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb8204h	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb8204hr	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb8208h	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb8208hr	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb9012x3	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb9020x3	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb9212x3	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb9220x3	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb9404x3	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb9408x3	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb9604x3	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb9608x3	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb9808n04	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk net	model:	hb9816n08	scope:	-	version:	-	Trust: 0.8
vendor:	hbgk	model:	hanbanggaoke ip camera	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-33723 // JVNDB: JVNDB-2017-008350 // CNNVD: CNNVD-201709-490 // NVD: CVE-2017-14335

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-14335
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-14335
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-33723
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201709-490
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-105047
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-14335
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-14335
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-33723
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-105047
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-14335
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-33723 // VULHUB: VHN-105047 // VULMON: CVE-2017-14335 // JVNDB: JVNDB-2017-008350 // CNNVD: CNNVD-201709-490 // NVD: CVE-2017-14335

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-105047 // JVNDB: JVNDB-2017-008350 // NVD: CVE-2017-14335

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-490

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201709-490

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008350

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-105047 // VULMON: CVE-2017-14335

PATCH

title:	Top Page	url:	http://www.hbgk.net/en/index.aspx	Trust: 0.8
title:	Awesome CVE PoC	url:	https://github.com/lnick2023/nicenice	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/xbl3/awesome-cve-poc_qazbnm456	Trust: 0.1
title:	Awesome CVE PoC	url:	https://github.com/qazbnm456/awesome-cve-poc	Trust: 0.1

sources: VULMON: CVE-2017-14335 // JVNDB: JVNDB-2017-008350

EXTERNAL IDS

db:	NVD	id:	CVE-2017-14335	Trust: 3.2
db:	JVNDB	id:	JVNDB-2017-008350	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-490	Trust: 0.7
db:	CNVD	id:	CNVD-2017-33723	Trust: 0.6
db:	EXPLOIT-DB	id:	44061	Trust: 0.2
db:	SEEBUG	id:	SSVID-97257	Trust: 0.1
db:	VULHUB	id:	VHN-105047	Trust: 0.1
db:	VULMON	id:	CVE-2017-14335	Trust: 0.1

sources: CNVD: CNVD-2017-33723 // VULHUB: VHN-105047 // VULMON: CVE-2017-14335 // JVNDB: JVNDB-2017-008350 // CNNVD: CNNVD-201709-490 // NVD: CVE-2017-14335

REFERENCES

url:	https://blogs.securiteam.com/index.php/archives/3420	Trust: 3.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14335	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14335	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/44061/	Trust: 0.1
url:	https://github.com/qazbnm456/awesome-cve-poc	Trust: 0.1

sources: CNVD: CNVD-2017-33723 // VULHUB: VHN-105047 // VULMON: CVE-2017-14335 // JVNDB: JVNDB-2017-008350 // CNNVD: CNNVD-201709-490 // NVD: CVE-2017-14335

SOURCES

db:	CNVD	id:	CNVD-2017-33723
db:	VULHUB	id:	VHN-105047
db:	VULMON	id:	CVE-2017-14335
db:	JVNDB	id:	JVNDB-2017-008350
db:	CNNVD	id:	CNNVD-201709-490
db:	NVD	id:	CVE-2017-14335

LAST UPDATE DATE

2025-04-20T23:35:46.560000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-33723	date:	2017-11-13T00:00:00
db:	VULHUB	id:	VHN-105047	date:	2017-09-28T00:00:00
db:	VULMON	id:	CVE-2017-14335	date:	2017-09-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-008350	date:	2017-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201709-490	date:	2017-09-13T00:00:00
db:	NVD	id:	CVE-2017-14335	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-33723	date:	2017-11-13T00:00:00
db:	VULHUB	id:	VHN-105047	date:	2017-09-12T00:00:00
db:	VULMON	id:	CVE-2017-14335	date:	2017-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2017-008350	date:	2017-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201709-490	date:	2017-09-13T00:00:00
db:	NVD	id:	CVE-2017-14335	date:	2017-09-12T08:29:00.473