VYPR
Vendor

Humaxdigital

Products
8
CVEs
14
Across products
16
Status
Private

Products

8

Recent CVEs

14
  • CVE-2017-11435CriJul 19, 2017
    risk 0.68cvss 9.8epss 0.10

    The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating…

  • CVE-2017-7317CriJul 4, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin.

  • CVE-2017-7315CriJul 4, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin.

  • CVE-2017-7316MedJul 4, 2017
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page.

  • CVE-2019-11061Aug 29, 2019
    risk 0.01cvss epss 0.04

    A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10…

  • CVE-2020-27366Aug 28, 2023
    risk 0.00cvss epss 0.00

    Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code.

  • CVE-2020-9370Mar 5, 2020
    risk 0.00cvss epss 0.01

    HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking.

  • CVE-2020-9477Mar 4, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vulnerability in the authentication functionality in the web-based interface could allow an unauthenticated remote attacker to capture packets at the time of authentication and gain access to the cleartext…

  • CVE-2019-15912Dec 20, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks.

  • CVE-2019-15911Dec 20, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Because of insecure key transport in ZigBee communication, attackers can obtain sensitive information, cause the multiple denial of service attacks, take over smart…

  • CVE-2019-15910Dec 20, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack.

  • CVE-2019-19890Dec 18, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP.

  • CVE-2019-19889Dec 18, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf.

  • CVE-2019-11060Aug 29, 2019
    risk 0.00cvss epss 0.03

    The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a…