Insecure Backup File Exposes Plaintext Router Credentials on Humax Digital HG100R 2.0.6 Devices

Insecure Backup File Exposes Plaintext Router Credentials on Humax Digital HG100R 2.0.6 Devices

CVE-2017-7315 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin.

Learn more about our Web Application Penetration Testing UK.