CVE-2017-14147

Name of the Vulnerable Software and Affected Versions FiberHome User End Routers version AN1020-25

Description An issue was discovered that could allow an attacker to easily restore a router to its factory settings by browsing to the "http://[Default-Router-IP]/restoreinfo.cgi" API endpoint and executing it. Due to improper authentication on this page, the software accepts the request, allowing the attacker to reset the router to its default configurations, which could later allow the attacker to login to the router using the default username and password.

Recommendations For FiberHome User End Routers version AN1020-25, as a temporary workaround, consider restricting access to the "/restoreinfo.cgi" API endpoint to minimize the risk of exploitation. Avoid using the default username and password until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.