CVE-2017-14335 Information

Description

On Beijing Hanbang Hanbanggaoke devices because user-controlled input is not sufficiently sanitized sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://blogs.securiteam.com/index.php/archives/3420

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.5