CVE-2017-7315

CRITICAL

Humax Digital HG100R <2.0.6 - Info Disclosure

Title source: llm

Description

An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin.

References (1)

[Exploit, Mailing List, VDB Entry] http://seclists.org/fulldisclosure/2017/Jun/45

Scores

CVSS v3 9.8

EPSS 0.0089

EPSS Percentile 75.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522 CWE-306

Status draft

Affected Products (1)

humaxdigital/hg100r_firmware

Timeline

Published Jul 04, 2017

Tracked Since Feb 18, 2026