PT-2017-13320 · Iball · Iball Baton Adsl2+ Home Router
Gem George
·
Publicado
2017-09-17
·
Atualizado
2021-06-21
·
CVE-2017-14244
CVSS v2.0
10
Crítica
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
iBall Baton ADSL2+ Home Router version FW iB-LR7011A 1.0.2
Description
The issue allows attackers to bypass authentication and access administrative router settings by crafting URLs with a .cgi extension, such as "/info.cgi" and "/password.cgi".
Recommendations
For iBall Baton ADSL2+ Home Router version FW iB-LR7011A 1.0.2, consider restricting access to .cgi endpoints, such as "/info.cgi" and "/password.cgi", until a patch is available.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Iball Baton Adsl2+ Home Router