CVE-2017-11435

Published: Jul 19, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords.

Affected (1)

Products: Humaxdigital: Hg100r Firmware

1 product

Hg100r Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Humaxdigital Hg100r Firmware	Version 2.0.6

Running on/with	Platform Versions
Humaxdigital Hg100r	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (3)

https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Humax-Routers/?fid=9700

Source: cve@mitre.org

Broken Link

https://hackertor.com/2017/07/19/na-cve-2017-11435-the-humax-wi-fi-router-model-hg100r-2-0-6-is/

Source: nvd@nist.gov

Third Party AdvisoryVDB Entry

https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Humax-Routers/?fid=9700

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.