ID

VAR-201709-0348


CVE

CVE-2017-14243


TITLE

Vulnerabilities related to certificate and password management in UTStar WA3002G4 ADSL Broadband Modem devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-008255

DESCRIPTION

An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi.

The UTStar WA3002G4 ADSL Broadband Modem contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS).

UTStar WA3002G4 is a modem from UTStarcom, USA. There is an authentication bypass vulnerability in UTStar WA3002G4.

# Exploit Title: UTStar WA3002G4 ADSL Broadband Modem Authentication Bypass Vulnerability
# CVE: CVE-2017-14243
# Date: 15-09-2017
# Exploit Author: Gem George
# Author Contact: https://www.linkedin.com/in/gemgrge
# Vulnerable Product: UTStar WA3002G4 ADSL Broadband Modem
# Firmware version: WA3002G4-0021.01
# Vendor Homepage: http://www.utstar.com/
# Reference: https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass

Vulnerability Details
======================
The CGI version of the admin page of the UTStar modem does not authenticate the user, and hence any protected page in the modem can be directly accessed by replacing the page extension with cgi. This could also allow anyone to perform operations such as resetting the modem, changing passwords, and backing up the configuration without any authentication. The modem also discloses the passwords of each user (Admin, Support and User) in plain text in the page source.

How to reproduce
===================
Suppose 192.168.1.1 is the device IP and one of the admin-protected pages in the modem is http://192.168.1.1/abcd.html; then the page can be directly accessed as http://192.168.1.1/abcd.cgi

Example URLs:
* http://192.168.1.1/info.cgi - Status and details
* http://192.168.1.1/upload.cgi - Firmware Upgrade
* http://192.168.1.1/backupsettings.cgi - perform backup settings to PC
* http://192.168.1.1/pppoe.cgi - PPPoE settings
* http://192.168.1.1/resetrouter.cgi - Router reset
* http://192.168.1.1/password.cgi - password settings

POC
=========
* https://www.youtube.com/watch?v=-wh1Y_jXMGk

-----------------------Greetz----------------------
++++++++++++++++++ www.0seccon.com ++++++++++++++++++
Saran, Jithin, Dhani, Vignesh, Hemanth, Sudin, Vijith, Joel

Trust: 2.43

sources: NVD: CVE-2017-14243 // JVNDB: JVNDB-2017-008255 // CNVD: CNVD-2018-14853 // VULHUB: VHN-104946 // VULMON: CVE-2017-14243 // PACKETSTORM: 144239

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-14853

AFFECTED PRODUCTS

vendor: utstar, model: wa3002g4, scope: eq, version: wa3002g4-0021.01

Trust: 1.6

vendor: utstarcom incorporated, model: utstar wa3002g4, scope: eq, version: wa3002g4-0021.01

Trust: 0.8

vendor: utstarcom, model: wa3002g4 wa3002g4-0021.01, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2018-14853 // JVNDB: JVNDB-2017-008255 // CNNVD: CNNVD-201709-269 // NVD: CVE-2017-14243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14243
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-14243
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-14853
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-269
value: CRITICAL

Trust: 0.6

VULHUB: VHN-104946
value: HIGH

Trust: 0.1

VULMON: CVE-2017-14243
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-14243
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-14853
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-104946
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14243
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-14853 // VULHUB: VHN-104946 // VULMON: CVE-2017-14243 // JVNDB: JVNDB-2017-008255 // CNNVD: CNNVD-201709-269 // NVD: CVE-2017-14243

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-104946 // JVNDB: JVNDB-2017-008255 // NVD: CVE-2017-14243

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-269

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201709-269

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008255

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-104946 // VULMON: CVE-2017-14243

PATCH

title: Top Page, url: http://www.utstar.com/

Trust: 0.8

title: iBall-UTStar-CVEChecker, url: https://github.com/GemGeorge/iBall-UTStar-CVEChecker

Trust: 0.1

sources: VULMON: CVE-2017-14243 // JVNDB: JVNDB-2017-008255

EXTERNAL IDS

db: NVD, id: CVE-2017-14243

Trust: 3.3

db: EXPLOIT-DB, id: 42739

Trust: 2.4

db: JVNDB, id: JVNDB-2017-008255

Trust: 0.8

db: CNNVD, id: CNNVD-201709-269

Trust: 0.7

db: EXPLOITDB, id: 42739

Trust: 0.6

db: CNVD, id: CNVD-2018-14853

Trust: 0.6

db: PACKETSTORM, id: 144239

Trust: 0.2

db: SEEBUG, id: SSVID-96645

Trust: 0.1

db: VULHUB, id: VHN-104946

Trust: 0.1

db: VULMON, id: CVE-2017-14243

Trust: 0.1

sources: CNVD: CNVD-2018-14853 // VULHUB: VHN-104946 // VULMON: CVE-2017-14243 // JVNDB: JVNDB-2017-008255 // PACKETSTORM: 144239 // CNNVD: CNNVD-201709-269 // NVD: CVE-2017-14243

REFERENCES

url:https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass

Trust: 2.7

url:https://www.exploit-db.com/exploits/42739/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2017-14243

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14243

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2017-14243/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/gemgeorge/iball-utstar-cvechecker

Trust: 0.1

url:https://www.0seccon.com

Trust: 0.1

url:http://192.168.1.1/abcd.cgi

Trust: 0.1

url:http://192.168.1.1/abcd.html

Trust: 0.1

url:http://www.utstar.com/

Trust: 0.1

url:http://192.168.1.1/pppoe.cgi

Trust: 0.1

url:http://192.168.1.1/resetrouter.cgi

Trust: 0.1

url:http://192.168.1.1/upload.cgi

Trust: 0.1

url:http://192.168.1.1/backupsettings.cgi

Trust: 0.1

url:https://www.youtube.com/watch?v=-wh1y_jxmgk

Trust: 0.1

url:http://192.168.1.1/password.cgi

Trust: 0.1

url:https://www.linkedin.com/in/gemgrge

Trust: 0.1

url:http://192.168.1.1/info.cgi

Trust: 0.1

sources: CNVD: CNVD-2018-14853 // VULHUB: VHN-104946 // VULMON: CVE-2017-14243 // JVNDB: JVNDB-2017-008255 // PACKETSTORM: 144239 // CNNVD: CNNVD-201709-269 // NVD: CVE-2017-14243

CREDITS

Gem George

Trust: 0.1

sources: PACKETSTORM: 144239

SOURCES

db: CNVD, id: CNVD-2018-14853
db: VULHUB, id: VHN-104946
db: VULMON, id: CVE-2017-14243
db: JVNDB, id: JVNDB-2017-008255
db: PACKETSTORM, id: 144239
db: CNNVD, id: CNNVD-201709-269
db: NVD, id: CVE-2017-14243

LAST UPDATE DATE

2025-04-20T23:04:18.379000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-14853, date: 2018-08-08T00:00:00
db: VULHUB, id: VHN-104946, date: 2019-10-03T00:00:00
db: VULMON, id: CVE-2017-14243, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-008255, date: 2017-10-13T00:00:00
db: CNNVD, id: CNNVD-201709-269, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-14243, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-14853, date: 2018-08-08T00:00:00
db: VULHUB, id: VHN-104946, date: 2017-09-17T00:00:00
db: VULMON, id: CVE-2017-14243, date: 2017-09-17T00:00:00
db: JVNDB, id: JVNDB-2017-008255, date: 2017-10-13T00:00:00
db: PACKETSTORM, id: 144239, date: 2017-09-19T14:30:01
db: CNNVD, id: CNNVD-201709-269, date: 2017-09-11T00:00:00
db: NVD, id: CVE-2017-14243, date: 2017-09-17T19:29:00.193