CVE 2019-11061
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]
See the
CVE page on Mitre.org
for more details.