iBall Baton ADSL2+ Home Router 安全漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1124250 漏洞类型 授权问题
发布时间 2017-09-18 更新时间 2019-10-23
CVE编号 CVE-2017-14244 CNNVD-ID CNNVD-201709-268
漏洞平台 Hardware CVSS评分 10.0
iBall Baton ADSL2+ Home Router是印度iBall公司的一款路由器。 iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2版本中存在身份验证绕过漏洞。攻击者可借助通过构建带有.cgi扩展的URL利用该漏洞登录管理面板。
# Exploit Title: iBall ADSL2+ Home Router Authentication Bypass Vulnerability
# CVE: CVE-2017-14244
# Date: 15-09-2017
# Exploit Author: Gem George
# Author Contact: https://www.linkedin.com/in/gemgrge
# Vulnerable Product: iBall ADSL2+ Home Router WRA150N https://www.iball.co.in/Product/ADSL2--Home-Router/746
# Firmware version: FW_iB-LR7011A_1.0.2
# Vendor Homepage: https://www.iball.co.in
# Reference: https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass

Vulnerability Details
iBall ADSL2+ Home Router does not properly authenticate when pages are accessed through cgi version. This could potentially allow a remote attacker access sensitive information and perform actions such as reset router, downloading backup configuration, upload backup etc.

How to reproduce
Suppose is the router IP and one of the valid page in router is is, then the page can be directly accessed as as

Example URLs:
* – Status and details
* – Firmware Upgrade
* – perform backup settings to PC
* – PPPoE settings
* – Router reset
* – password settings

* https://www.youtube.com/watch?v=_SvrwCSdn54

++++++++++++++++++ www.0seccon.com ++++++++++++++++++