Vulnerability CVE-2017-14335


Published: 2017-09-12

Description:
On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software:
HBGK -> Hb8216h firmware 
HBGK -> Hb9020x3 firmware 
HBGK -> Hb8008r firmware 
HBGK -> 7208xr firmware 
HBGK -> Hb8208hr firmware 
HBGK -> Hb7208xt firmware 
HBGK -> Hb9608x3 firmware 
HBGK -> Hb8004r firmware 
HBGK -> Hb8808x3 firmware 
HBGK -> Hb7008kce firmware 
HBGK -> Hb7008t2 firmware 
HBGK -> Hb9908 firmware 
HBGK -> 7204xr firmware 
HBGK -> Hb8608x3 firmware 
HBGK -> Hb9404x3 firmware 
HBGK -> Hb9912 firmware 
HBGK -> Hb7032xt firmware 
HBGK -> Hb7908 firmware 
HBGK -> Hb7216x3 firmware 
HBGK -> Hb7208x firmware 
HBGK -> Hb7916sx firmware 
HBGK -> Hb7008kc firmware 
HBGK -> Hb7916s firmware 
HBGK -> Hb9924 firmware 
HBGK -> Hb8204h firmware 
HBGK -> Hb7008khe firmware 
HBGK -> Hb8216x3 firmware 
HBGK -> Hb8008 firmware 
HBGK -> Hb7204x firmware 
HBGK -> Hb7004kh firmware 
HBGK -> Hb8004 firmware 
HBGK -> Hb7008kh firmware 
HBGK -> Hb9012x3 firmware 
HBGK -> Hb8204hr firmware 
HBGK -> Hb8208h firmware 
HBGK -> Hb9832n16 firmware 
HBGK -> Hb9932 firmware 
HBGK -> Hb9408x3 firmware 
HBGK -> Hb7204kl firmware 
HBGK -> Hb9916 firmware 
HBGK -> Hb9808n04 firmware 
HBGK -> Hb9816n08 firmware 
HBGK -> Hb8208x3 firmware 
HBGK -> Hb7208x3 firmware 
HBGK -> Hb7016t2 firmware 
HBGK -> 7216xr firmware 
HBGK -> Hb8016 firmware 
HBGK -> Hb7024xt firmware 
HBGK -> Hb7216xt firmware 
HBGK -> Hb9212x3 firmware 
HBGK -> Hb7016lc firmware 
HBGK -> Hb7016lh firmware 
HBGK -> Hb8816x3 firmware 
HBGK -> Hb9824n16 firmware 
HBGK -> Hb7204kk firmware 
HBGK -> Hb8616x3 firmware 
HBGK -> Hb9604x3 firmware 
HBGK -> Hb7908x firmware 
HBGK -> Hb9220x3 firmware 
HBGK -> Hb7904 firmware 
HBGK -> Hb7116x3 firmware 
HBGK -> Hb8216hr firmware 
HBGK -> Hb9904 firmware 
HBGK -> Hb7004k firmware 
HBGK -> Hb7216x firmware 
HBGK -> Hb7108x3 firmware 
HBGK -> Hb7904x firmware 
HBGK -> Hb7204xt firmware 
HBGK -> Hb8016r firmware 

 References:
https://blogs.securiteam.com/index.php/archives/3420

Copyright 2024, cxsecurity.com

 
