PT-2017-17156 · Iball · Iball Baton 150M

Published

2017-03-09

Updated

2021-06-17

CVE-2017-6558

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions iball Baton 150M iB-WRA150N version 1.2.6

Description The issue allows remote attackers to bypass authentication and view or modify administrative router settings. This is achieved by reading the HTML source code of the password.cgi file.

Recommendations For version 1.2.6, consider restricting access to the password.cgi file as a temporary workaround until a patch is available.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2017-6558

Affected Products

Iball Baton 150M

PT-2017-17156 · Iball · Iball Baton 150M

CVE-2017-6558

Weakness Enumeration

Related Identifiers

Affected Products

References · 6