vendor:
ADSL2+ Home Router WRA150N
by:
Gem George
9,8
CVSS
CRITICAL
Authentication Bypass
287
CWE
Product Name: ADSL2+ Home Router WRA150N
Affected Version From: FW_iB-LR7011A_1.0.2
Affected Version To: FW_iB-LR7011A_1.0.2
Patch Exists: YES
Related CWE: CVE-2017-14244
CPE: o:iball:adsl2_home_router_wra150n
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2017
iBall ADSL2+ Home Router Authentication Bypass Vulnerability
iBall ADSL2+ Home Router does not properly authenticate when pages are accessed through cgi version. This could potentially allow a remote attacker access sensitive information and perform actions such as reset router, downloading backup configuration, upload backup etc.
Mitigation:
Ensure that authentication is properly implemented for all pages and that access to sensitive information is restricted to authenticated users.
