PT-2017-11792 · Iball · Iball Ib-Wra300N3Gt
Published: 2017-11-13 · Updated: 2024-02-14 · CVE-2017-11169
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
iBall iB-WRA300N3GT version 1.1.1
Description
The issue allows remote authenticated users to obtain root privileges by leveraging a guest, user, or normal account. This is achieved by submitting a modified privilege parameter to the "/form2userconfig.cgi" API endpoint.
Recommendations
For version 1.1.1, consider restricting access to the "/form2userconfig.cgi" API endpoint until a patch is available. Additionally, limit the use of guest, user, or normal accounts to minimize the risk of exploitation.
Affected Products
Iball Ib-Wra300N3Gt