Sign-up

ID

VAR-201709-0349


CVE

CVE-2017-14244


TITLE

iBall Baton ADSL2+ Home Router Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2017-008254

DESCRIPTION

An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi. iBall Baton ADSL2+ Home Router Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. iBallBatonADSL2+HomeRouter is a router of iBall India. An authentication bypass vulnerability exists in the iBallBatonADSL2+HomeRouterFW_iB-LR7011A_1.0.2 release. An attacker could exploit the vulnerability to log into the admin panel by building a URL with a .cgi extension

Trust: 2.34

sources: NVD: CVE-2017-14244 // JVNDB: JVNDB-2017-008254 // CNVD: CNVD-2018-10302 // VULHUB: VHN-104947 // VULMON: CVE-2017-14244

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-10302

AFFECTED PRODUCTS

vendor:iballmodel:ib-wra150nscope:eqversion:fw_ib-lr7011a_1.0.2

Trust: 1.0

vendor:iballmodel:baton adsl2+ home routerscope:eqversion:fw_ib-lr7011a_1.0.2

Trust: 0.8

vendor:iballmodel:baton adsl2+ home router fw ib-lr7011a 1.0.2scope: - version: -

Trust: 0.6

vendor:iballmodel:wra150nscope:eqversion:fw_ib-lr7011a_1.0.2

Trust: 0.6

sources: CNVD: CNVD-2018-10302 // JVNDB: JVNDB-2017-008254 // CNNVD: CNNVD-201709-268 // NVD: CVE-2017-14244

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14244
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-14244
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-10302
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-268
value: CRITICAL

Trust: 0.6

VULHUB: VHN-104947
value: HIGH

Trust: 0.1

VULMON: CVE-2017-14244
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-14244
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-10302
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-104947
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14244
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-14244
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-10302 // VULHUB: VHN-104947 // VULMON: CVE-2017-14244 // JVNDB: JVNDB-2017-008254 // CNNVD: CNNVD-201709-268 // NVD: CVE-2017-14244

PROBLEMTYPE DATA

problemtype:CWE-425

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

problemtype:CWE-287

Trust: 0.1

sources: VULHUB: VHN-104947 // JVNDB: JVNDB-2017-008254 // NVD: CVE-2017-14244

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-268

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201709-268

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008254

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-104947 // 
            
            
            
            VULMON: CVE-2017-14244

PATCH
title:ADSL2+ Home Routerurl:https://www.iball.co.in/Product/ADSL2--Home-Router/746
Trust: 0.8
title:iBall-UTStar-CVECheckerurl:https://github.com/GemGeorge/iBall-UTStar-CVEChecker 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-14244 // 
            
            
            
            JVNDB: JVNDB-2017-008254

EXTERNAL IDS
db:NVDid:CVE-2017-14244
Trust: 3.2
db:EXPLOIT-DBid:42740
Trust: 1.8
db:JVNDBid:JVNDB-2017-008254
Trust: 0.8
db:CNNVDid:CNNVD-201709-268
Trust: 0.7
db:CNVDid:CNVD-2018-10302
Trust: 0.6
db:SEEBUGid:SSVID-96644
Trust: 0.1
db:VULHUBid:VHN-104947
Trust: 0.1
db:VULMONid:CVE-2017-14244
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-10302 // 
            
            
            
            VULHUB: VHN-104947 // 
            
            
            
            VULMON: CVE-2017-14244 // 
            
            
            
            JVNDB: JVNDB-2017-008254 // 
            
            
            
            CNNVD: CNNVD-201709-268 // 
            
            
            
            NVD: CVE-2017-14244

REFERENCES
url:https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass
Trust: 2.6
url:https://www.exploit-db.com/exploits/42740/
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14244
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14244
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2017-14244/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/425.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/gemgeorge/iball-utstar-cvechecker
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-10302 // 
            
            
            
            VULHUB: VHN-104947 // 
            
            
            
            VULMON: CVE-2017-14244 // 
            
            
            
            JVNDB: JVNDB-2017-008254 // 
            
            
            
            CNNVD: CNNVD-201709-268 // 
            
            
            
            NVD: CVE-2017-14244

SOURCES
db:CNVDid:CNVD-2018-10302
db:VULHUBid:VHN-104947
db:VULMONid:CVE-2017-14244
db:JVNDBid:JVNDB-2017-008254
db:CNNVDid:CNNVD-201709-268
db:NVDid:CVE-2017-14244

LAST UPDATE DATE
2025-04-20T23:37:49.065000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-10302date:2018-05-25T00:00:00
db:VULHUBid:VHN-104947date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-14244date:2021-06-21T00:00:00
db:JVNDBid:JVNDB-2017-008254date:2017-10-13T00:00:00
db:CNNVDid:CNNVD-201709-268date:2021-06-27T00:00:00
db:NVDid:CVE-2017-14244date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-10302date:2018-05-25T00:00:00
db:VULHUBid:VHN-104947date:2017-09-17T00:00:00
db:VULMONid:CVE-2017-14244date:2017-09-17T00:00:00
db:JVNDBid:JVNDB-2017-008254date:2017-10-13T00:00:00
db:CNNVDid:CNNVD-201709-268date:2017-09-11T00:00:00
db:NVDid:CVE-2017-14244date:2017-09-17T19:29:00.240