Details of VAR-201703-1116

ID

VAR-201703-1116

CVE

CVE-2017-6558

TITLE

iBall Baton 150M iB-WRA150N Vulnerabilities that bypass authentication on devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-002235

DESCRIPTION

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. iBallBaton150MWirelessRouter is a wireless router. The iBallBaton150MWirelessRouter has an authentication bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. iBall Baton 150M Wireless Router is prone to a authentication-bypass vulnerability. This may lead to further attacks. iBall Baton 150M Wireless Router 1.2.6 build 110401 Rel.47776n is vulnerable; other versions may also be affected. Devices using the following firmware and hardware are affected: firmware version 1.2.6 build 110401 Rel.47776n; hardware version iB-WRA150N v1 00000001

Trust: 2.61

sources: NVD: CVE-2017-6558 // JVNDB: JVNDB-2017-002235 // CNVD: CNVD-2017-03186 // BID: 96822 // VULHUB: VHN-114761 // VULMON: CVE-2017-6558

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-03186

AFFECTED PRODUCTS

vendor:	iball	model:	ib-wra150n	scope:	eq	version:	1.2.6	Trust: 1.0
vendor:	iball	model:	baton 150m wireless-n broadband router	scope:	eq	version:	ib-wra150n v1 00000001	Trust: 0.8
vendor:	iball	model:	baton 150m wireless-n broadband router	scope:	eq	version:	1.2.6 build 110401 rel.47776n	Trust: 0.8
vendor:	iball	model:	baton 150m wireless-n adsi.2+ router	scope:	eq	version:	1.2.6	Trust: 0.6
vendor:	iball	model:	baton 150m wireless-n router	scope:	eq	version:	1.2.6	Trust: 0.6
vendor:	iball	model:	baton 150m wireless-n adsi.2+ router build	scope:	eq	version:	1.2.6110401	Trust: 0.3

sources: CNVD: CNVD-2017-03186 // BID: 96822 // JVNDB: JVNDB-2017-002235 // CNNVD: CNNVD-201703-408 // NVD: CVE-2017-6558

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6558
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-6558
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-03186
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201703-408
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-114761
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-6558
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6558
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-03186
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114761
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6558
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-03186 // VULHUB: VHN-114761 // VULMON: CVE-2017-6558 // JVNDB: JVNDB-2017-002235 // CNNVD: CNNVD-201703-408 // NVD: CVE-2017-6558

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-114761 // JVNDB: JVNDB-2017-002235 // NVD: CVE-2017-6558

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-408

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201703-408

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002235

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-114761 // VULMON: CVE-2017-6558

PATCH

title:	iball Baton 150M Wireless-N Broadband Router	url:	http://www.iball.co.in/Product/150M-Wireless-N-Broadband-Router/539	Trust: 0.8
title:	iBall-UTStar-CVEChecker	url:	https://github.com/GemGeorge/iBall-UTStar-CVEChecker	Trust: 0.1
title:	-	url:	https://github.com/khulnasoft-lab/awesome-security	Trust: 0.1

sources: VULMON: CVE-2017-6558 // JVNDB: JVNDB-2017-002235

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6558	Trust: 3.5
db:	BID	id:	96822	Trust: 2.7
db:	JVNDB	id:	JVNDB-2017-002235	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-408	Trust: 0.7
db:	CNVD	id:	CNVD-2017-03186	Trust: 0.6
db:	EXPLOIT-DB	id:	42591	Trust: 0.2
db:	PACKETSTORM	id:	141522	Trust: 0.1
db:	VULHUB	id:	VHN-114761	Trust: 0.1
db:	VULMON	id:	CVE-2017-6558	Trust: 0.1

sources: CNVD: CNVD-2017-03186 // VULHUB: VHN-114761 // VULMON: CVE-2017-6558 // BID: 96822 // JVNDB: JVNDB-2017-002235 // CNNVD: CNNVD-201703-408 // NVD: CVE-2017-6558

REFERENCES

url:	http://www.securityfocus.com/bid/96822	Trust: 1.9
url:	https://www.youtube.com/watch?v=8gzg1iusfcs	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2017/mar/22	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6558	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6558	Trust: 0.8
url:	http://www.iball.co.in/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/798.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/42591/	Trust: 0.1
url:	https://github.com/gemgeorge/iball-utstar-cvechecker	Trust: 0.1

sources: CNVD: CNVD-2017-03186 // VULHUB: VHN-114761 // VULMON: CVE-2017-6558 // BID: 96822 // JVNDB: JVNDB-2017-002235 // CNNVD: CNNVD-201703-408 // NVD: CVE-2017-6558

CREDITS

Indrajith.A.N

Trust: 0.3

sources: BID: 96822

SOURCES

db:	CNVD	id:	CNVD-2017-03186
db:	VULHUB	id:	VHN-114761
db:	VULMON	id:	CVE-2017-6558
db:	BID	id:	96822
db:	JVNDB	id:	JVNDB-2017-002235
db:	CNNVD	id:	CNNVD-201703-408
db:	NVD	id:	CVE-2017-6558

LAST UPDATE DATE

2025-04-20T23:22:25.499000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-03186	date:	2017-03-23T00:00:00
db:	VULHUB	id:	VHN-114761	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-6558	date:	2021-06-17T00:00:00
db:	BID	id:	96822	date:	2017-03-16T03:02:00
db:	JVNDB	id:	JVNDB-2017-002235	date:	2017-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201703-408	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6558	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-03186	date:	2017-03-23T00:00:00
db:	VULHUB	id:	VHN-114761	date:	2017-03-09T00:00:00
db:	VULMON	id:	CVE-2017-6558	date:	2017-03-09T00:00:00
db:	BID	id:	96822	date:	2017-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2017-002235	date:	2017-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201703-408	date:	2017-03-16T00:00:00
db:	NVD	id:	CVE-2017-6558	date:	2017-03-09T09:59:00.363