CVE-2018-6388

HIGH

iBall iB-WRA150N 1.2.6 - Authenticated OS Command Injection via Ping Test Arguments

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6388. PoCs published by SecuriTeam.

AI-analyzed exploit summary The document describes two vulnerabilities in iB-WRA150N devices: hardcoded credentials and remote command execution via command injection in the ping test functionality. The RCE is achieved by injecting commands into the ping arguments in the Diagnostics page.

Description

iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page.

Exploits (1)

exploitdb WRITEUP

by SecuriTeam · webappshardware

https://www.exploit-db.com/exploits/44043

View Code ZIP pw:eip

The document describes two vulnerabilities in iB-WRA150N devices: hardcoded credentials and remote command execution via command injection in the ping test functionality. The RCE is achieved by injecting commands into the ping arguments in the Diagnostics page.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: iB-WRA150N firmware 1.2.6 build 110401 Rel.47776n

Auth required

Prerequisites: Access to the router's web interface · Valid credentials (hardcoded or otherwise obtained)

MITRE ATT&CK

T1078 - Valid Accounts T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://blogs.securiteam.com/index.php/archives/3654

Scores

CVSS v3 8.8

EPSS 0.0599

EPSS Percentile 92.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

iball/ib-wra150n_firmware 1.2.6

Published Jan 29, 2018

Tracked Since Feb 18, 2026