CVE-2017-13717

Name of the Vulnerable Software and Affected Versions Starry Station (aka Starry Router) (affected versions not specified)

Description The issue allows any hosted file on any domain to make calls to the device's webserver due to the Access-Control-Allow-Origin header being set to "*". This enables brute force attacks on credentials and the retrieval of stored information on the device. Specifically, a user's Wi-Fi credentials are stored in clear text on the device and can be easily accessed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.