By Ionut Arghire on July 05, 2017
An unpatched vulnerability affecting Humax WiFi Router model HG-100R allows attackers to compromise the WiFi credentials and even retrieve the router console administrative password, Trustwave SpiderLabs researchers discovered.
The vulnerability was found in May 2017, but repeated attempts to alert the manufacturer on it remained unanswered, the researchers say. According to Trustwave, the device is a default brand/version distributed by a major Internet provider in Brazil, while also being used in various other parts of the world.
The issue, Trustwave explains, starts with specially crafted requests sent to the management console, which allow the attacker to bypass authentication. This attack is possible because the router fails to validate the session token while returning answers for some methods in "url/api".
Full Article.
Zero-Day Found in Humax WiFi Router
+54Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.