Ib Wra150N Firmware
CVE-2017-14244
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.
AnalysisAI
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.8%.
Technical ContextAI
This vulnerability is classified under CWE-425. An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi. Affected products include: Iball Ib-Wra150N Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Ib Wra150N Firmware
View alliball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vuln
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardc
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands
Same weakness CWE-425 – Direct Request ('Forced Browsing')
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today