Details of VAR-201709-0319

ID

VAR-201709-0319

CVE

CVE-2017-14147

TITLE

FiberHome User End Routers Bearing Model Number AN1020-25 Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2017-008153

DESCRIPTION

An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper authentication on this page, the software accepts the request hence allowing attacker to reset the router to its default configurations which later could allow attacker to login to router by using default username/password. FiberHomeUserEndRoutersBearingAN1020-25 is a router from China FiberHome. A security vulnerability exists in FiberHomeUserEndRoutersBearingAN1020-25 that caused the program to fail to perform authentication correctly. An attacker could use this vulnerability to restore the router to factory settings and log in to the router

Trust: 2.25

sources: NVD: CVE-2017-14147 // JVNDB: JVNDB-2017-008153 // CNVD: CNVD-2018-10300 // VULHUB: VHN-104840

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-10300

AFFECTED PRODUCTS

vendor:	fiberhome	model:	adsl an1020-25	scope:	eq	version:	-	Trust: 1.0
vendor:	fiberhome group	model:	adsl an1020-25	scope:	-	version:	-	Trust: 0.8
vendor:	fiberhome	model:	user end routers bearing an1020-25	scope:	-	version:	-	Trust: 0.6
vendor:	fiberhomegroup	model:	adsl an1020-25	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-10300 // JVNDB: JVNDB-2017-008153 // CNNVD: CNNVD-201709-109 // NVD: CVE-2017-14147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-14147
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-14147
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-10300
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201709-109
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-104840
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-14147
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-10300
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-104840
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-14147
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-10300 // VULHUB: VHN-104840 // JVNDB: JVNDB-2017-008153 // CNNVD: CNNVD-201709-109 // NVD: CVE-2017-14147

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	CWE-254	Trust: 0.9

sources: VULHUB: VHN-104840 // JVNDB: JVNDB-2017-008153 // NVD: CVE-2017-14147

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-109

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201709-109

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008153

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-104840

PATCH

title:

Top Page

url:

http://hk.fiberhomegroup.com/en/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2017-008153

EXTERNAL IDS

db:	NVD	id:	CVE-2017-14147	Trust: 3.1
db:	PACKETSTORM	id:	144022	Trust: 2.5
db:	EXPLOIT-DB	id:	42649	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-008153	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-109	Trust: 0.7
db:	CNVD	id:	CNVD-2018-10300	Trust: 0.6
db:	VULHUB	id:	VHN-104840	Trust: 0.1

sources: CNVD: CNVD-2018-10300 // VULHUB: VHN-104840 // JVNDB: JVNDB-2017-008153 // CNNVD: CNNVD-201709-109 // NVD: CVE-2017-14147

REFERENCES

url:	http://packetstormsecurity.com/files/144022/fiberhome-unauthenticated-adsl-router-factory-reset.html	Trust: 2.5
url:	https://www.exploit-db.com/exploits/42649/	Trust: 1.7
url:	https://beefaaubee09.github.io/fiberhome-adsls-dos/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14147	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14147	Trust: 0.8

sources: CNVD: CNVD-2018-10300 // VULHUB: VHN-104840 // JVNDB: JVNDB-2017-008153 // CNNVD: CNNVD-201709-109 // NVD: CVE-2017-14147

SOURCES

db:	CNVD	id:	CNVD-2018-10300
db:	VULHUB	id:	VHN-104840
db:	JVNDB	id:	JVNDB-2017-008153
db:	CNNVD	id:	CNNVD-201709-109
db:	NVD	id:	CVE-2017-14147

LAST UPDATE DATE

2025-04-20T23:15:58.641000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-10300	date:	2018-05-25T00:00:00
db:	VULHUB	id:	VHN-104840	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-008153	date:	2017-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201709-109	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-14147	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-10300	date:	2018-05-25T00:00:00
db:	VULHUB	id:	VHN-104840	date:	2017-09-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-008153	date:	2017-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201709-109	date:	2017-09-06T00:00:00
db:	NVD	id:	CVE-2017-14147	date:	2017-09-07T14:29:00.290