CVE-2017-14244
published 2017-09-17

Priority P273 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 17.15% (96.7th percentile)
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.

Affected

1 range
Vendor | Product | Version range | Fixed in
iball | ib-wra150n_firmware | |

Detection & IOCs (extracted from sources)

url: http://192.168.1.1/info.cgi
url: http://192.168.1.1/upload.cgi
url: http://192.168.1.1/backupsettings.cgi
url: http://192.168.1.1/pppoe.cgi
url: http://192.168.1.1/resetrouter.cgi
url: http://192.168.1.1/password.cgi
path: /info.cgi
path: /password.cgi
  • Detect unauthenticated HTTP GET requests to any .cgi path on iBall Baton ADSL2+ router (FW_iB-LR7011A_1.0.2) — the bypass is triggered by requesting a page with a .cgi extension instead of its normal .html extension, bypassing authentication entirely.
  • Monitor HTTP requests to sensitive administrative CGI endpoints: /info.cgi, /upload.cgi, /backupsettings.cgi, /pppoe.cgi, /resetrouter.cgi, /password.cgi — especially from unauthenticated or external sources.
  • Alert on HTTP requests to /resetrouter.cgi or /upload.cgi from LAN or WAN interfaces without a prior authenticated session, as these allow destructive actions (factory reset, firmware upload).
  • The authentication bypass is specific to firmware version FW_iB-LR7011A_1.0.2 on the iBall Baton ADSL2+ Home Router WRA150N. Detection rules should be scoped to this device/firmware to avoid false positives on other CGI-based web servers.
  • The default gateway IP 192.168.1.1 is used in the exploit examples, but the actual router IP may differ per deployment. Detection should match on the .cgi path patterns rather than a fixed IP.
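
One way to implement the checks listed above, as an added example that is not from the original page or the vendor. It scans a constructed, hypothetical sensor log format; the router inventory, LAN ranges, log fields and the `/example.cgi` path are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions: inventory of affected routers and the LANs behind them.
ROUTER_HOSTS = {"192.168.1.1", "10.20.0.1"}
LAN_NETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.20.0.0/24")]
# Endpoints named on this page.
SENSITIVE = {"/info.cgi", "/upload.cgi", "/backupsettings.cgi",
             "/pppoe.cgi", "/resetrouter.cgi", "/password.cgi"}
DESTRUCTIVE = {"/resetrouter.cgi", "/upload.cgi"}

# Constructed sample log, hypothetical format:
# timestamp src dst method uri status user   ("-" = no credentials sent)
SAMPLE_LOG = """\
2017-09-20T10:00:01Z 192.168.1.23 192.168.1.1 GET /info.html 200 admin
2017-09-20T10:02:13Z 192.168.1.77 192.168.1.1 GET /info.cgi 200 -
2017-09-20T10:02:40Z 192.168.1.77 192.168.1.1 GET /password.cgi?x=1 200 -
2017-09-20T10:03:05Z 203.0.113.9 10.20.0.1 GET /resetrouter.cgi 200 -
2017-09-20T10:04:00Z 192.168.1.23 192.168.1.1 GET /pppoe.cgi 200 admin
2017-09-20T10:05:00Z 192.168.1.77 192.168.1.80 GET /example.cgi 200 -
2017-09-20T10:06:00Z 192.168.1.77 192.168.1.1 GET /example.cgi 200 -
"""

def classify(line):
    """Alert dict for an unauthenticated .cgi request to a scoped router, else None."""
    fields = line.split()
    if len(fields) != 7:
        return None  # malformed line
    ts, src, dst, method, uri, _status, user = fields
    path = urlsplit(uri).path.lower()  # drop the query string, normalise case
    if dst not in ROUTER_HOSTS or not path.endswith(".cgi") or user != "-":
        return None  # out of scope, not a .cgi page, or credentials were sent
    try:
        src_ip = ipaddress.ip_address(src)
    except ValueError:
        return None  # unparseable source address
    if path in DESTRUCTIVE:
        severity = "high"      # factory reset / firmware upload
    elif path in SENSITIVE:
        severity = "medium"    # other admin pages listed above
    else:
        severity = "low"       # any other .cgi path on the device
    external = not any(src_ip in net for net in LAN_NETS)
    return {"time": ts, "src": src, "dst": dst, "method": method,
            "path": path, "severity": severity, "external": external}

def scan(log_text):
    """Run classify over every line and keep the alerts."""
    return [a for a in map(classify, log_text.splitlines()) if a]
```

Calling `scan(SAMPLE_LOG)` returns four alerts; the request to the out-of-scope host 192.168.1.80 and the requests that carried credentials are not flagged.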

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C