PT-2017-12009 · Humax · Humax Wi-Fi Router Hg100R-*
Published: 2017-07-19 · Updated: 2021-06-21
CVE-2017-11435
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Humax Wi-Fi Router model HG100R-* version 2.0.6
Description
The issue allows for an authentication bypass via specially crafted requests to the management console. This can be exploited remotely when the router exposes the management console. The router fails to validate the session token for certain methods in the "/api" endpoint. An attacker can exploit this to retrieve sensitive information, including private and public IP addresses, SSID names, and passwords.
Recommendations
For Humax Wi-Fi Router model HG100R-* version 2.0.6, consider restricting access to the management console to minimize the risk of exploitation. As a temporary workaround, avoid using the "/api" endpoint until a patch is available.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related identifiers
Affected products
Humax Wi-Fi Router Hg100R-*