CVE-2020-9477

Published: Mar 4, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to capture packets at the time of authentication and gain access to the cleartext password. An attacker could use this access to create a new user account or control the device.

Affected (1)

Products: Humaxdigital: Hga12r 02 Firmware

1 product

Hga12r 02 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Humaxdigital Hga12r 02 Firmware	Version brgcaa1.1.53

Running on/with	Platform Versions
Humaxdigital Hga12r 02	All versions

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

https://medium.com/%40rsantos_14778/info-disclosure-cve-2020-9477-29d0ca48d4fa

Source: cve@mitre.org

https://uk.humaxdigital.com/network/hga12r-02/

Source: cve@mitre.org

ProductVendor Advisory

https://medium.com/%40rsantos_14778/info-disclosure-cve-2020-9477-29d0ca48d4fa

Source: af854a3a-2127-422b-91ae-364da2661108

https://uk.humaxdigital.com/network/hga12r-02/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.