CVE-2017-16887

CRITICAL

FiberHome Mobile WIFI Device - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-16887. PoCs published by Ibad Shah.

AI-analyzed exploit summary This exploit targets multiple vulnerabilities in FiberHome MIFI LM53Q1 devices, specifically CVE-2017-16887, to retrieve administrative credentials and device details without authentication. It interacts with the device's XML API to extract sensitive information and modify settings.

Description

The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password.

Exploits (1)

exploitdb WORKING POC
by Ibad Shah · pythonwebappshardware
https://www.exploit-db.com/exploits/43460

This exploit targets multiple vulnerabilities in FiberHome MIFI LM53Q1 devices, specifically CVE-2017-16887, to retrieve administrative credentials and device details without authentication. It interacts with the device's XML API to extract sensitive information and modify settings.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: FiberHome MIFI LM53Q1 (VH519R05C01S38)
No auth needed
Prerequisites: Network access to the target device · Device must be using default or vulnerable firmware
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43460/
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jan/28

Scores

CVSS v3 9.8
EPSS 0.3720
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-275
Status published
Products (1)
fiberhome/lm53q1_firmware vh519r05c01s38
Published Jan 12, 2018
Tracked Since Feb 18, 2026