CVE-2017-14335

Severity: Unknown | EPSS: 27.83%

CVE-2017-14335 is a vulnerability of currently unknown severity. On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. EPSS estimates a 27.83% chance of exploitation in the next 30 days.

Description

On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.

Metrics

EPSS Probability
27.83%

97.8th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Hbgk | Hb7024xt Firmware | All versions
Hbgk | Hb7032xt Firmware | All versions
Hbgk | Hb7008t2 Firmware | All versions
Hbgk | Hb7016t2 Firmware | All versions
Hbgk | Hb7204xt Firmware | All versions
Hbgk | Hb7208xt Firmware | All versions
Hbgk | Hb7216xt Firmware | All versions
Hbgk | Hb7208x3 Firmware | All versions
Hbgk | Hb7216x3 Firmware | All versions
Hbgk | Hb7204x Firmware | All versions
Hbgk | Hb7208x Firmware | All versions
Hbgk | Hb7216x Firmware | All versions
Hbgk | 7204xr Firmware | All versions
Hbgk | 7208xr Firmware | All versions
Hbgk | 7216xr Firmware | All versions
Hbgk | Hb7004k Firmware | All versions
Hbgk | Hb7004kh Firmware | All versions
Hbgk | Hb7008kc Firmware | All versions
Hbgk | Hb7008kce Firmware | All versions
Hbgk | Hb7008kh Firmware | All versions
Hbgk | Hb7008khe Firmware | All versions
Hbgk | Hb7204kl Firmware | All versions
Hbgk | Hb7204kk Firmware | All versions
Hbgk | Hb7016lc Firmware | All versions
Hbgk | Hb7016lh Firmware | All versions
Hbgk | Hb7116x3 Firmware | All versions
Hbgk | Hb7108x3 Firmware | All versions
Hbgk | Hb8004 Firmware | All versions
Hbgk | Hb8008 Firmware | All versions
Hbgk | Hb8016 Firmware | All versions
Hbgk | Hb8004r Firmware | All versions
Hbgk | Hb8008r Firmware | All versions
Hbgk | Hb8016r Firmware | All versions
Hbgk | Hb8204h Firmware | All versions
Hbgk | Hb8208h Firmware | All versions
Hbgk | Hb8216h Firmware | All versions
Hbgk | Hb8204hr Firmware | All versions
Hbgk | Hb8208hr Firmware | All versions
Hbgk | Hb8216hr Firmware | All versions
Hbgk | Hb8208x3 Firmware | All versions
Hbgk | Hb8216x3 Firmware | All versions
Hbgk | Hb8608x3 Firmware | All versions
Hbgk | Hb8616x3 Firmware | All versions
Hbgk | Hb8808x3 Firmware | All versions
Hbgk | Hb8816x3 Firmware | All versions
Hbgk | Hb9404x3 Firmware | All versions
Hbgk | Hb9408x3 Firmware | All versions
Hbgk | Hb9604x3 Firmware | All versions
Hbgk | Hb9608x3 Firmware | All versions
Hbgk | Hb9012x3 Firmware | All versions

Showing 50 of 69 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2017-14335?
On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.
How severe is CVE-2017-14335?
Severity scoring for CVE-2017-14335 is pending analysis. The EPSS model estimates a 27.83% probability of exploitation in the next 30 days.
How do I fix CVE-2017-14335?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST