CVE-2017-14244

Published: Sep 17, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.

Affected (1)

Products: Iball: Ib Wra150n Firmware

1 product

Ib Wra150n Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iball Ib Wra150n Firmware	Version fw_ib-lr7011a_1.0.2

Running on/with	Platform Versions
Iball Ib Wra150n	All versions

Related CWEs

Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (4)

https://www.exploit-db.com/exploits/42740/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/42740/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.