Description
An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin.
References (1)
Core 1
Core References
Exploit, Mailing List, VDB Entry x_refsource_misc
http://seclists.org/fulldisclosure/2017/Jun/45
Scores
CVSS v3
9.8
EPSS
0.0212
EPSS Percentile
79.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
CWE-522
Status
published
Products (1)
humaxdigital/hg100r_firmware
2.0.6
Published
Jul 04, 2017
Tracked Since
Feb 18, 2026