CVE-2017-14147

CRITICAL

FiberHome User End Router AN1020-25 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14147. PoCs published by Ibad Shah.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated factory reset vulnerability in FiberHome AN1020-25 routers via a GET request to `/restoreinfo.cgi`, allowing an attacker to reset the device to default settings and bypass authentication.

Description

An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper authentication on this page, the software accepts the request hence allowing attacker to reset the router to its default configurations which later could allow attacker to login to router by using default username/password.

Exploits (1)

exploitdb WORKING POC

by Ibad Shah · textwebappshardware

https://www.exploit-db.com/exploits/42649

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated factory reset vulnerability in FiberHome AN1020-25 routers via a GET request to `/restoreinfo.cgi`, allowing an attacker to reset the device to default settings and bypass authentication.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: FiberHome ADSL AN1020-25

No auth needed

Prerequisites: Network access to the router's web interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42649/

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/144022/FiberHome-Unauthenticated-ADSL-Router-Factory-Reset.html

Various Sources x_refsource_misc

https://beefaaubee09.github.io/fiberhome-adsls-dos/

Scores

CVSS v3 9.8

EPSS 0.7344

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (1)

fiberhome/adsl_an1020-25_firmware

Published Sep 07, 2017

Tracked Since Feb 18, 2026