CVE-2017-13717
CVE-2017-13717 is a vulnerability of currently unknown severity. Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*". This allows a file hosted on any domain to make calls to the device's web server, brute-force the credentials, and pull any information that is stored on the device. EPSS estimates a 2.55% chance of exploitation in the next 30 days.
Description
Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*". This allows a file hosted on any domain to make calls to the device's web server, brute-force the credentials, and pull any information that is stored on the device. In this case, a user's Wi-Fi credentials are stored in clear text on the device and can be pulled easily.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Starry | S00111 Firmware | All versions |
References
- http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html (Third Party Advisory, VDB Entry)
- https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf (Exploit, Third Party Advisory)
- https://seclists.org/bugtraq/2019/Jun/8 (Mailing List, Third Party Advisory)
Source: NVD / NIST
