CVE-2017-14243

CRITICAL

UTStar WA3002G4 ADSL Broadband Modem - Auth Bypass

Title source: llm

Description

An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi.

Exploits (1)

exploitdb WRITEUP
by Gem George · text · webapps · hardware
https://www.exploit-db.com/exploits/42739

Scores

CVSS v3 9.8
EPSS 0.6033
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (1)
utstar/wa3002g4_firmware wa3002g4-0021.01
Published Sep 17, 2017
Tracked Since Feb 18, 2026