CVE-2017-14244
Published 2017-09-17
Priority: P273 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 17.15% (96.7th percentile)
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| iball | ib-wra150n_firmware | — | — |
Detection & IOCs
- Detect unauthenticated HTTP GET requests to any .cgi path on the iBall Baton ADSL2+ router (FW_iB-LR7011A_1.0.2). The bypass is triggered by requesting a page with a .cgi extension instead of its normal .html extension, which skips authentication entirely.
- Monitor HTTP requests to sensitive administrative CGI endpoints: /info.cgi, /upload.cgi, /backupsettings.cgi, /pppoe.cgi, /resetrouter.cgi, /password.cgi, especially from unauthenticated or external sources.
- Alert on HTTP requests to /resetrouter.cgi or /upload.cgi from LAN or WAN interfaces without a prior authenticated session, as these allow destructive actions (factory reset, firmware upload).
- The authentication bypass is specific to firmware version FW_iB-LR7011A_1.0.2 on the iBall Baton ADSL2+ Home Router WRA150N. Detection rules should be scoped to this device/firmware to avoid false positives on other CGI-based web servers.
- The default gateway IP 192.168.1.1 is used in the exploit examples, but the actual router IP may differ per deployment. Detection should match on the .cgi path patterns rather than a fixed IP.
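The checks in the bullets above, sketched as log-scanning logic. This is an added example, not a rule from the cited sources or the vendor; the log layout, the `auth_user` field, the severity labels and the `/example.cgi` path are assumptions.

```python
import re
from urllib.parse import urlsplit

# Endpoints named in the bullets above; the DESTRUCTIVE pair covers
# factory reset and firmware upload.
ADMIN_CGI = {"/info.cgi", "/upload.cgi", "/backupsettings.cgi",
             "/pppoe.cgi", "/resetrouter.cgi", "/password.cgi"}
DESTRUCTIVE = {"/resetrouter.cgi", "/upload.cgi"}

# Assumed (constructed) sensor log layout:
#   timestamp src_ip dst_ip "METHOD uri" status auth_user
# auth_user is "-" when the request carried no credentials.
LINE = re.compile(r'(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) '
                  r'"(?P<method>[A-Z]+) (?P<uri>[^"\s]+)" '
                  r'(?P<status>\d{3}) (?P<user>\S+)$')

def classify(line, routers):
    """Return (ts, src, path, severity, served) for a hit, else None."""
    m = LINE.match(line.strip())
    if m is None or m["dst"] not in routers:
        return None          # unparsable, or not an in-scope device
    path = urlsplit(m["uri"]).path.lower()  # drop query string, fold case
    if not path.endswith(".cgi") or m["user"] != "-":
        return None          # not a .cgi page, or request was authenticated
    if path in DESTRUCTIVE:
        severity = "high"
    elif path in ADMIN_CGI:
        severity = "medium"
    else:
        severity = "low"     # some other .cgi page requested without auth
    served = m["status"].startswith("2")  # 2xx: device answered without login
    return (m["ts"], m["src"], path, severity, served)

def scan(lines, routers):
    """Scope to the given router addresses, not a hard-coded gateway IP."""
    return [hit for hit in (classify(l, routers) for l in lines) if hit]

# Constructed sample traffic; /example.cgi is a placeholder path.
SAMPLE = [
    '2017-09-18T10:00:01Z 192.168.1.23 192.168.1.1 "GET /info.html" 401 -',
    '2017-09-18T10:00:02Z 192.168.1.23 192.168.1.1 "GET /info.cgi" 200 -',
    '2017-09-18T10:00:05Z 192.168.1.23 192.168.1.1 "GET /resetrouter.cgi?x=1" 200 -',
    '2017-09-18T10:00:09Z 192.168.1.10 192.168.1.1 "GET /password.cgi" 200 admin',
    '2017-09-18T10:00:12Z 192.168.1.23 192.168.1.50 "GET /info.cgi" 200 -',
    '2017-09-18T10:00:15Z 192.168.1.23 192.168.1.1 "GET /example.cgi" 401 -',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE, {"192.168.1.1"}):
        print(*hit)
```

Pass the set of addresses where the affected firmware is actually deployed as `routers`, so other CGI-based web servers on the network are not flagged.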
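CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |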
- https://www.exploit-db.com/exploits/42740/
- https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass
Published: 2017-09-17