High severity8.8NVD Advisory· Published Jun 10, 2019· Updated Jun 17, 2026
CVE-2017-13717
CVE-2017-13717
Description
Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*". This allows any hosted file on any domain to make calls to the device's webserver and brute force the credentials and pull any information that is stored on the device. In this case, a user's Wi-Fi credentials are stored in clear text on the device and can be pulled easily.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Starry Station/Starry Stationdescription
Patches
Vulnerability mechanics
References
3- github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdfnvdExploitThird Party Advisory
- packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.htmlnvdThird Party AdvisoryVDB Entry
- seclists.org/bugtraq/2019/Jun/8nvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.