PT-2017-13320 · Iball · Iball Baton Adsl2+ Home Router
Gem George · Published 2017-09-17 · Updated 2021-06-21
CVE-2017-14244
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
iBall Baton ADSL2+ Home Router version FW iB-LR7011A 1.0.2
Description
The issue allows attackers to bypass authentication and access administrative router settings by crafting URLs with a .cgi extension, such as "/info.cgi" and "/password.cgi".
Recommendations
For iBall Baton ADSL2+ Home Router version FW iB-LR7011A 1.0.2, consider restricting access to .cgi endpoints, such as "/info.cgi" and "/password.cgi", until a patch is available.
Affected Products
Iball Baton Adsl2+ Home Router