CVE-2017-11435
published 2017-07-19CVE-2017-11435: The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The…
PriorityP268critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
10.05%
95.0th percentile
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| humaxdigital | hg100r_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated HTTP POST requests to the /api endpoint on Humax HG100R devices, particularly those containing the JSON-RPC method 'QuickSetupInfo' without a valid session token. ↗
- →Alert on HTTP POST requests to /api that return WiFi credentials (SSID/password fields) in the response body, indicating successful exploitation of the authentication bypass. ↗
- →Flag externally-exposed Humax HG100R management consoles (version 2.0.6) accepting unauthenticated JSON-RPC POST requests to /api from untrusted networks. ↗
- ·The authentication bypass is only exploitable when the Humax HG100R management console is exposed to external/remote access. Devices with management console restricted to LAN only are not directly reachable remotely. ↗
- ·The vulnerability affects only the HG100R-* model line running firmware version 2.0.6; other Humax models or firmware versions are not confirmed affected. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Humax-Routers/?fid=9700https://hackertor.com/2017/07/19/na-cve-2017-11435-the-humax-wi-fi-router-model-hg100r-2-0-6-is/https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Humax-Routers/?fid=9700
2017-07-19
Published