CVE-2017-6558

CRITICAL

iball iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n - Authentication Bypass via Password CGI HTML Source

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-6558. PoCs published by Indrajith.A.N, GemGeorge.

AI-analyzed exploit summary This is a writeup describing an authentication bypass vulnerability in the iball Baton 150M Wireless router. The exploit involves accessing the password.cgi file to disclose admin credentials in the page source.

Description

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file.

Exploits (2)

exploitdb WRITEUP

by Indrajith.A.N · textwebappsphp

https://www.exploit-db.com/exploits/42591

View Code ZIP pw:eip

This is a writeup describing an authentication bypass vulnerability in the iball Baton 150M Wireless router. The exploit involves accessing the password.cgi file to disclose admin credentials in the page source.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: iball Baton 150M Wireless-N ADSI.2+ Router (Firmware Version: 1.2.6 build 110401 Rel.47776n)

No auth needed

Prerequisites: Network access to the router's web interface

MITRE ATT&CK

T1110 - Brute Force T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec SCANNER 5 stars

by GemGeorge · poc

https://github.com/GemGeorge/iBall-UTStar-CVEChecker

View Code ZIP pw:eip

This repository contains a Python script that checks for authentication bypass and information disclosure vulnerabilities in iBall and UTStar routers. It identifies specific models and firmware versions affected by CVE-2017-6558, CVE-2017-14243, and CVE-2017-14244.

Classification

Scanner 90%

Attack Type

Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: iBall 150M Wireless-N ADSL2+ Router (iB-WRA150N), iBall ADSL2+ Home Router WRA150N, UTStar WA3002G4 ADSL Broadband Modem

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1592 - Gather Victim Host Information T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources x_refsource_misc

https://www.youtube.com/watch?v=8GZg1IuSfCs

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96822

Scores

CVSS v3 9.8

EPSS 0.1527

EPSS Percentile 96.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (1)

iball/ib-wra150n_firmware 1.2.6

Published Mar 09, 2017

Tracked Since Feb 18, 2026