CVE-2020-9477
CRITICAL
HUMAX HGA12R-02 Firmware 1.1.53 - Unauthenticated Cleartext Password Transmission
Title source: llm
Description
An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to capture packets at the time of authentication and gain access to the cleartext password. An attacker could use this access to create a new user account or control the device.
References (2)
Core References
Product, Vendor Advisory x_refsource_misc
https://uk.humaxdigital.com/network/hga12r-02/
Various Sources x_refsource_misc
https://medium.com/%40rsantos_14778/info-disclosure-cve-2020-9477-29d0ca48d4fa
Scores
CVSS v3
9.8
EPSS
0.0126
EPSS Percentile
65.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-319
Status
published
Products (1)
humaxdigital/hga12r-02_firmware
brgcaa1.1.53
Published
Mar 04, 2020
Tracked Since
Feb 18, 2026