The Gambler

**Name of the Vulnerable Software and Affected Versions** Humax Digital HG100R version 2.0.6 **Description** An issue was discovered where it is not necessary to use credentials to download the backup file. The router credentials are stored in plaintext inside the backup file, referred to as GatewaySettings.bin. **Recommendations** For Humax Digital HG100R version 2.0.6, consider changing the router credentials and storing them securely to minimize the risk of exploitation. As a temporary workaround, restrict access to the backup file to prevent unauthorized downloads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Humax Digital HG100R version 2.0.6 **Description** An issue was discovered that allows for cross-site scripting (XSS) on the 404 page. **Recommendations** For Humax Digital HG100R version 2.0.6, consider disabling access to the 404 page as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Humax Digital HG100 version 2.0.6 **Description** An issue was discovered where an attacker can obtain the root credentials from the backup file, specifically GatewaySettings.bin. **Recommendations** For Humax Digital HG100 version 2.0.6, consider changing the root credentials and restricting access to the backup file to minimize the risk of exploitation.