CVE-2017-14335

Name of the Vulnerable Software and Affected Versions Hanbang Hanbanggaoke devices (affected versions not specified)

Description The issue arises from insufficient sanitization of user-controlled input. By sending a PUT request to the "/ISAPI/Security/users/1" API endpoint, it is possible to change the admin password.

Recommendations For Hanbang Hanbanggaoke devices, consider restricting access to the "/ISAPI/Security/users/1" API endpoint until a fix is available. As a temporary workaround, limit the ability to send PUT requests to this endpoint to prevent unauthorized password changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.