CVE-2017-14244

Опубликовано: 17 сент. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.

Ссылки

https://www.exploit-db.com/exploits/42740/
Third Party Advisory
VDB Entry
https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass
Third Party Advisory
https://www.exploit-db.com/exploits/42740/
Third Party Advisory
VDB Entry
https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:iball:ib-wra150n_firmware:fw_ib-lr7011a_1.0.2:*:*:*:*:*:*:*

cpe:2.3:h:iball:ib-wra150n:-:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.50791

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-425

Связанные уязвимости

GHSA-8hp6-w36x-5x7g