CVE-2017-14243

Опубликовано: 17 сент. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi.

Ссылки

https://www.exploit-db.com/exploits/42739/
Third Party Advisory
VDB Entry
https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass
Third Party Advisory
https://www.exploit-db.com/exploits/42739/
Third Party Advisory
VDB Entry
https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:utstar:wa3002g4_firmware:wa3002g4-0021.01:*:*:*:*:*:*:*

cpe:2.3:h:utstar:wa3002g4:-:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.60326

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-h4fp-2jq4-jm9w