ID CVE-2017-13717
Summary Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*". This allows any hosted file on any domain to make calls to the device's webserver and brute force the credentials and pull any information that is stored on the device. In this case, a user's Wi-Fi credentials are stored in clear text on the device and can be pulled easily.
References
Vulnerable Configurations
  • cpe:2.3:o:starry:s00111_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:starry:s00111_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:starry:s00111:-:*:*:*:*:*:*:*
    cpe:2.3:h:starry:s00111:-:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-06-2019 - 17:55)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
Last major update 11-06-2019 - 17:55
Published 10-06-2019 - 22:29
Back to Top