Vulnerability-Lookup

CVE-2017-6558 (GCVE-0-2017-6558)

Vulnerability from cvelistv5 – Published: 2017-03-09 09:26 – Updated: 2024-08-05 15:33

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

CNVD-2017-03186

Vulnerability from cnvd - Published: 2017-03-23

Title

iBall Baton 150M Wireless Router认证绕过漏洞

Description

iBall Baton 150M Wireless Router是一款无线路由器。 iBall Baton 150M Wireless Router存在认证绕过漏洞。攻击者可以利用漏洞绕过身份验证机制并执行未经授权的操作。

Severity

中

Formal description

目前没有详细解决方案提供： http://www.iball.co.in/home

Reference

http://seclists.org/fulldisclosure/2017/Mar/22

Impacted products

Name
iBall Baton 150M Wireless-N ADSI.2+ Router 1.2.6

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96822"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6558",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6558"
    }
  },
  "description": "iBall Baton 150M Wireless Router\u662f\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\r\n\r\niBall Baton 150M Wireless Router\u5b58\u5728\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002",
  "discovererName": "Indrajith.A.N",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.iball.co.in/home",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-03186",
  "openTime": "2017-03-23",
  "products": {
    "product": "iBall Baton 150M Wireless-N ADSI.2+ Router 1.2.6"
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2017/Mar/22",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-10",
  "title": "iBall Baton 150M Wireless Router\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

GSD-2017-6558

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6558

Aliases

CVE-2017-6558

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6558",
    "description": "iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file.",
    "id": "GSD-2017-6558",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2017-6558"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6558"
      ],
      "details": "iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file.",
      "id": "GSD-2017-6558",
      "modified": "2023-12-13T01:21:10.326653Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-6558",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.youtube.com/watch?v=8GZg1IuSfCs",
            "refsource": "MISC",
            "url": "https://www.youtube.com/watch?v=8GZg1IuSfCs"
          },
          {
            "name": "96822",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/96822"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:iball:ib-wra150n_firmware:1.2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:iball:ib-wra150n:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-6558"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.youtube.com/watch?v=8GZg1IuSfCs",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.youtube.com/watch?v=8GZg1IuSfCs"
            },
            {
              "name": "96822",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/96822"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-06-17T16:56Z",
      "publishedDate": "2017-03-09T09:59Z"
    }
  }
}

VAR-201703-1116

Vulnerability from variot - Updated: 2025-04-20 23:22

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. iBallBaton150MWirelessRouter is a wireless router. The iBallBaton150MWirelessRouter has an authentication bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. iBall Baton 150M Wireless Router is prone to a authentication-bypass vulnerability. This may lead to further attacks. iBall Baton 150M Wireless Router 1.2.6 build 110401 Rel.47776n is vulnerable; other versions may also be affected. Devices using the following firmware and hardware are affected: firmware version 1.2.6 build 110401 Rel.47776n; hardware version iB-WRA150N v1 00000001

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201703-1116",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ib-wra150n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "iball",
        "version": "1.2.6"
      },
      {
        "model": "baton 150m wireless-n broadband router",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "iball",
        "version": "ib-wra150n v1 00000001"
      },
      {
        "model": "baton 150m wireless-n broadband router",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "iball",
        "version": "1.2.6 build 110401 rel.47776n"
      },
      {
        "model": "baton 150m wireless-n adsi.2+ router",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "iball",
        "version": "1.2.6"
      },
      {
        "model": "baton 150m wireless-n router",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "iball",
        "version": "1.2.6"
      },
      {
        "model": "baton 150m wireless-n adsi.2+ router build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "iball",
        "version": "1.2.6110401"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03186"
      },
      {
        "db": "BID",
        "id": "96822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-408"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6558"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:iball:baton_150m_wireless-n_router",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:iball:baton_150m_wireless-n_router_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002235"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Indrajith.A.N",
    "sources": [
      {
        "db": "BID",
        "id": "96822"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6558",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-6558",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-03186",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-114761",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-6558",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6558",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6558",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-03186",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-408",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114761",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-6558",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03186"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114761"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-408"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6558"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. iBallBaton150MWirelessRouter is a wireless router. The iBallBaton150MWirelessRouter has an authentication bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. iBall Baton 150M Wireless Router  is prone to a authentication-bypass vulnerability. This may lead to further attacks. \niBall Baton 150M Wireless Router 1.2.6 build 110401 Rel.47776n is vulnerable; other versions may also be affected. Devices using the following firmware and hardware are affected: firmware version 1.2.6 build 110401 Rel.47776n; hardware version iB-WRA150N v1 00000001",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002235"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03186"
      },
      {
        "db": "BID",
        "id": "96822"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114761"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6558"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-114761",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42591",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114761"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6558"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6558",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "96822",
        "trust": 2.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002235",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-408",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-03186",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42591",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "141522",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-114761",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6558",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03186"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114761"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6558"
      },
      {
        "db": "BID",
        "id": "96822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-408"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6558"
      }
    ]
  },
  "id": "VAR-201703-1116",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03186"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114761"
      }
    ],
    "trust": 1.3306818
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03186"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:22:25.499000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "iball Baton 150M Wireless-N Broadband Router",
        "trust": 0.8,
        "url": "http://www.iball.co.in/Product/150M-Wireless-N-Broadband-Router/539"
      },
      {
        "title": "iBall-UTStar-CVEChecker",
        "trust": 0.1,
        "url": "https://github.com/GemGeorge/iBall-UTStar-CVEChecker "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/khulnasoft-lab/awesome-security "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-6558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002235"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114761"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002235"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6558"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/96822"
      },
      {
        "trust": 1.8,
        "url": "https://www.youtube.com/watch?v=8gzg1iusfcs"
      },
      {
        "trust": 1.4,
        "url": "http://seclists.org/fulldisclosure/2017/mar/22"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6558"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6558"
      },
      {
        "trust": 0.3,
        "url": "http://www.iball.co.in/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/798.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/42591/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/gemgeorge/iball-utstar-cvechecker"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03186"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114761"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6558"
      },
      {
        "db": "BID",
        "id": "96822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-408"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6558"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-03186"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114761"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-6558"
      },
      {
        "db": "BID",
        "id": "96822"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002235"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-408"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6558"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-03186"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114761"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6558"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "BID",
        "id": "96822"
      },
      {
        "date": "2017-04-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002235"
      },
      {
        "date": "2017-03-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-408"
      },
      {
        "date": "2017-03-09T09:59:00.363000",
        "db": "NVD",
        "id": "CVE-2017-6558"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-03186"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114761"
      },
      {
        "date": "2021-06-17T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-6558"
      },
      {
        "date": "2017-03-16T03:02:00",
        "db": "BID",
        "id": "96822"
      },
      {
        "date": "2017-04-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002235"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-408"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-6558"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-408"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "iBall Baton 150M iB-WRA150N Vulnerabilities that bypass authentication on devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002235"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-408"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-6558

Vulnerability from fkie_nvd - Published: 2017-03-09 09:59 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cve@mitre.org	http://www.securityfocus.com/bid/96822
	cve@mitre.org	https://www.youtube.com/watch?v=8GZg1IuSfCs
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/96822
	af854a3a-2127-422b-91ae-364da2661108	https://www.youtube.com/watch?v=8GZg1IuSfCs

Impacted products

	Vendor	Product	Version
	iball	ib-wra150n_firmware	1.2.6
	iball	ib-wra150n	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:iball:ib-wra150n_firmware:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AAD4C77-CAA7-4B35-AE3E-F41895D1B5A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:iball:ib-wra150n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9AEFCD-95EC-4A36-B1F3-F5D91761F477",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file."
    },
    {
      "lang": "es",
      "value": "Dispositivos iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n son propensos a una vulnerabilidad de elusi\u00f3n de autenticaci\u00f3n que permite a atacantes remotos ver y modificar la configuraci\u00f3n administrativa del router leyendo el c\u00f3digo fuente HTML del archivo password.cgi."
    }
  ],
  "id": "CVE-2017-6558",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-09T09:59:00.363",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/96822"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.youtube.com/watch?v=8GZg1IuSfCs"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/96822"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.youtube.com/watch?v=8GZg1IuSfCs"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-RG92-JRQC-H6Q6

Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2022-05-13 01:09

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6558"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-09T09:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file.",
  "id": "GHSA-rg92-jrqc-h6q6",
  "modified": "2022-05-13T01:09:16Z",
  "published": "2022-05-13T01:09:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6558"
    },
    {
      "type": "WEB",
      "url": "https://www.youtube.com/watch?v=8GZg1IuSfCs"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96822"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6558 (GCVE-0-2017-6558)

CNVD-2017-03186

GSD-2017-6558

VAR-201703-1116

FKIE_CVE-2017-6558

GHSA-RG92-JRQC-H6Q6

Tags

Sightings

Nomenclature