iBall ADSL2+ Home Router - Authentication Bypass

EDB-ID: 42740
Author: Gem George
Published: 2017-09-18
CVE: CVE-2017-14244
Type: Webapps
Platform: Hardware
Vulnerable App: N/A

# CVE: CVE-2017-14244
# Date: 15-09-2017
# Exploit Author: Gem George
# Author Contact: https://www.linkedin.com/in/gemgrge
# Vulnerable Product: iBall ADSL2+ Home Router WRA150N https://www.iball.co.in/Product/ADSL2--Home-Router/746
# Firmware version: FW_iB-LR7011A_1.0.2
# Vendor Homepage: https://www.iball.co.in
# Reference: https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass

Vulnerability Details
iBall ADSL2+ Home Router does not properly enforce authentication when pages are requested through their CGI version. This could allow a remote attacker to access sensitive information and perform actions such as resetting the router, downloading the backup configuration, uploading a backup, etc.
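
A minimal model of this class of flaw, added here as an illustration and not taken from the advisory or the router firmware (the advisory does not state the root cause). It assumes the access check is tied to the .html spelling of a page while the .cgi spelling reaches the same handler, and sets a deny-by-default dispatcher beside it; page names and functions are hypothetical.

```python
# Illustrative model only: the advisory does not describe the firmware's code.
# Page names, handlers and dispatch functions below are hypothetical.
import posixpath
from urllib.parse import urlsplit

PAGES = {  # hypothetical management pages: name -> handler
    "status": lambda: "status page",
    "password": lambda: "password page",
}
PUBLIC = set()  # no page is reachable without a session in this model


def vulnerable_dispatch(url_path, authenticated):
    """Auth is tied to one URL spelling (.html); .cgi reaches the same handler."""
    name, ext = posixpath.splitext(posixpath.basename(urlsplit(url_path).path))
    if name not in PAGES or ext not in (".html", ".cgi"):
        return 404, ""
    if ext == ".html" and not authenticated:  # the check never sees ".cgi"
        return 401, ""
    return 200, PAGES[name]()


def hardened_dispatch(url_path, authenticated):
    """Resolve the URL to a resource first, then deny by default."""
    path = posixpath.normpath(urlsplit(url_path).path)
    name, ext = posixpath.splitext(posixpath.basename(path))
    if name not in PAGES or ext.lower() not in (".html", ".cgi"):
        return 404, ""
    if name not in PUBLIC and not authenticated:  # same rule for every alias
        return 401, ""
    return 200, PAGES[name]()


def audit(dispatch):
    """List every URL alias that serves a protected page without a session."""
    exposed = []
    for name in PAGES:
        for ext in (".html", ".cgi"):
            status, _ = dispatch(f"/{name}{ext}", authenticated=False)
            if status == 200 and name not in PUBLIC:
                exposed.append(f"/{name}{ext}")
    return exposed


if __name__ == "__main__":
    print("vulnerable:", audit(vulnerable_dispatch))
    print("hardened:  ", audit(hardened_dispatch))
```

The `audit` helper doubles as a regression test for a dispatcher: an empty list means every alias of every protected page is covered by the same authorization rule.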

How to reproduce
Suppose is the router IP and one of the valid page in router is is, then the page can be directly accessed as as

Example URLs:
* – Status and details
* – Firmware Upgrade
* – perform backup settings to PC
* – PPPoE settings
* – Router reset
* – password settings

* https://www.youtube.com/watch?v=_SvrwCSdn54
