Gem George

4 exploits Active since Mar 2017
CVE-2017-6558 NOMISEC CRITICAL SCANNER
iball iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n - Authentication Bypass via Password CGI HTML Source
iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file.
5 stars
CVSS 9.8
CVE-2018-9032 EXPLOITDB CRITICAL text WRITEUP
D-Link DIR-850L Firmware 1.02-2.06 - Authentication Bypass via SharePort Web Access Portal
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.
CVSS 9.8
CVE-2017-14243 EXPLOITDB CRITICAL text WRITEUP
UTStar WA3002G4 ADSL Broadband Modem - Auth Bypass
An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi.
CVSS 9.8
CVE-2017-14244 EXPLOITDB CRITICAL text WRITEUP
iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 - Auth Bypass
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.
CVSS 9.8