CVE-2017-14147

CRITICAL

FiberHome User End Router AN1020-25 - Info Disclosure

Title source: llm

Description

An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper authentication on this page, the software accepts the request hence allowing attacker to reset the router to its default configurations which later could allow attacker to login to router by using default username/password.

Exploits (1)

exploitdb WORKING POC
by Ibad Shah · textwebappshardware
https://www.exploit-db.com/exploits/42649

References (3)

Scores

CVSS v3 9.8
EPSS 0.7344
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (1)
fiberhome/adsl_an1020-25_firmware
Published Sep 07, 2017
Tracked Since Feb 18, 2026