CVE-2017-6558

CRITICAL

Iball Ib-wra150n Firmware - Hard-coded Credentials

Title source: rule

Description

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file.

Exploits (2)

exploitdb WRITEUP

by Indrajith.A.N · textwebappsphp

https://www.exploit-db.com/exploits/42591

View Code ZIP pw:eip

nomisec SCANNER 5 stars

by GemGeorge · poc

https://github.com/GemGeorge/iBall-UTStar-CVEChecker

View Code ZIP pw:eip

References (2)

[Various Sources] https://www.youtube.com/watch?v=8GZg1IuSfCs

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96822

Scores

CVSS v3 9.8

EPSS 0.3477

EPSS Percentile 97.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (1)

iball/ib-wra150n_firmware 1.2.6

Published Mar 09, 2017

Tracked Since Feb 18, 2026