CVE-2017-14335

Affected configuration(s):

cpe:/o:hbgk:7204xr_firmware:-
cpe:/o:hbgk:7208xr_firmware:-
cpe:/o:hbgk:7216xr_firmware:-
cpe:/o:hbgk:hb7004k_firmware:-
cpe:/o:hbgk:hb7004kh_firmware:-
cpe:/o:hbgk:hb7008kc_firmware:-
cpe:/o:hbgk:hb7008kce_firmware:-
cpe:/o:hbgk:hb7008kh_firmware:-
cpe:/o:hbgk:hb7008khe_firmware:-
cpe:/o:hbgk:hb7008t2_firmware:-
cpe:/o:hbgk:hb7016lc_firmware:-
cpe:/o:hbgk:hb7016lh_firmware:-
cpe:/o:hbgk:hb7016t2_firmware:-
cpe:/o:hbgk:hb7024xt_firmware:-
cpe:/o:hbgk:hb7032xt_firmware:-
cpe:/o:hbgk:hb7108x3_firmware:-
cpe:/o:hbgk:hb7116x3_firmware:-
cpe:/o:hbgk:hb7204kk_firmware:-
cpe:/o:hbgk:hb7204kl_firmware:-
cpe:/o:hbgk:hb7204x_firmware:-
cpe:/o:hbgk:hb7204xt_firmware:-
cpe:/o:hbgk:hb7208x3_firmware:-
cpe:/o:hbgk:hb7208x_firmware:-
cpe:/o:hbgk:hb7208xt_firmware:-
cpe:/o:hbgk:hb7216x3_firmware:-
cpe:/o:hbgk:hb7216x_firmware:-
cpe:/o:hbgk:hb7216xt_firmware:-
cpe:/o:hbgk:hb7904_firmware:-
cpe:/o:hbgk:hb7904x_firmware:-
cpe:/o:hbgk:hb7908_firmware:-
cpe:/o:hbgk:hb7908x_firmware:-
cpe:/o:hbgk:hb7916s_firmware:-
cpe:/o:hbgk:hb7916sx_firmware:-
cpe:/o:hbgk:hb8004_firmware:-
cpe:/o:hbgk:hb8004r_firmware:-
cpe:/o:hbgk:hb8008_firmware:-
cpe:/o:hbgk:hb8008r_firmware:-
cpe:/o:hbgk:hb8016_firmware:-
cpe:/o:hbgk:hb8016r_firmware:-
cpe:/o:hbgk:hb8204h_firmware:-
cpe:/o:hbgk:hb8204hr_firmware:-
cpe:/o:hbgk:hb8208h_firmware:-
cpe:/o:hbgk:hb8208hr_firmware:-
cpe:/o:hbgk:hb8208x3_firmware:-
cpe:/o:hbgk:hb8216h_firmware:-
cpe:/o:hbgk:hb8216hr_firmware:-
cpe:/o:hbgk:hb8216x3_firmware:-
cpe:/o:hbgk:hb8608x3_firmware:-
cpe:/o:hbgk:hb8616x3_firmware:-
cpe:/o:hbgk:hb8808x3_firmware:-
cpe:/o:hbgk:hb8816x3_firmware:-
cpe:/o:hbgk:hb9012x3_firmware:-
cpe:/o:hbgk:hb9020x3_firmware:-
cpe:/o:hbgk:hb9212x3_firmware:-
cpe:/o:hbgk:hb9220x3_firmware:-
cpe:/o:hbgk:hb9404x3_firmware:-
cpe:/o:hbgk:hb9408x3_firmware:-
cpe:/o:hbgk:hb9604x3_firmware:-
cpe:/o:hbgk:hb9608x3_firmware:-
cpe:/o:hbgk:hb9808n04_firmware:-
cpe:/o:hbgk:hb9816n08_firmware:-
cpe:/o:hbgk:hb9824n16_firmware:-
cpe:/o:hbgk:hb9832n16_firmware:-
cpe:/o:hbgk:hb9904_firmware:-
cpe:/o:hbgk:hb9908_firmware:-
cpe:/o:hbgk:hb9912_firmware:-
cpe:/o:hbgk:hb9916_firmware:-
cpe:/o:hbgk:hb9924_firmware:-
cpe:/o:hbgk:hb9932_firmware:-

Date published: 2017-09-12T04:29:00.473-04:00

Date last modified: 2017-09-28T10:39:49.010-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: https://blogs.securiteam.com/index.php/archives/3420

Summary: On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.
