CVE-2017-14335

HIGH

Beijing Hanbang Hanbanggaoke - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14335. PoCs published by SecuriTeam.

AI-analyzed exploit summary This exploit demonstrates an arbitrary password change vulnerability in Hanbanggaoke webcams by sending a crafted PUT request to the /ISAPI/Security/users/1 endpoint, allowing an attacker to reset the admin password without proper authentication.

Description

On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.

Exploits (1)

exploitdb WORKING POC
by SecuriTeam · webappshardware
https://www.exploit-db.com/exploits/44061

This exploit demonstrates an arbitrary password change vulnerability in Hanbanggaoke webcams by sending a crafted PUT request to the /ISAPI/Security/users/1 endpoint, allowing an attacker to reset the admin password without proper authentication.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Hanbanggaoke webcams (version not specified)
No auth needed
Prerequisites: Network access to the vulnerable webcam · Ability to intercept and modify HTTP requests (e.g., using Burp Suite)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blogs.securiteam.com/index.php/archives/3420

Scores

CVSS v3 7.5
EPSS 0.2783
EPSS Percentile 97.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (50)
hbgk/7204xr_firmware
hbgk/7208xr_firmware
hbgk/7216xr_firmware
hbgk/hb7004k_firmware
hbgk/hb7004kh_firmware
hbgk/hb7008kc_firmware
hbgk/hb7008kce_firmware
hbgk/hb7008kh_firmware
hbgk/hb7008khe_firmware
hbgk/hb7008t2_firmware
... and 40 more
Published Sep 12, 2017
Tracked Since Feb 18, 2026