exploitDog

CVE-2018-20008

Опубликовано: 28 мая 2019

Источник: nvd

CVSS3: 6.8

CVSS2: 2.1

EPSS Низкий

Описание

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console.

Ссылки

https://payatu.com/ibaton-routers-responsible-disclosure/
Exploit
Third Party Advisory
https://www.iball.co.in/Category/Baton/283
Product
Vendor Advisory
https://payatu.com/ibaton-routers-responsible-disclosure/
Exploit
Third Party Advisory
https://www.iball.co.in/Category/Baton/283
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:iball:ib-wrb302n_firmware:ib-wrb302n20122017:*:*:*:*:*:*:*

cpe:2.3:h:iball:ib-wrb302n:-:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00033

Низкий

6.8 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-312

Связанные уязвимости

GHSA-rm4j-g65f-jfgx

github

больше 3 лет назад

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console.

EPSS

Процентиль: 9%

0.00033

Низкий

6.8 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-312