VAR-201703-1116
Vulnerability from variot - Updated: 2025-04-20 23:22iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. iBallBaton150MWirelessRouter is a wireless router. The iBallBaton150MWirelessRouter has an authentication bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. iBall Baton 150M Wireless Router is prone to a authentication-bypass vulnerability. This may lead to further attacks. iBall Baton 150M Wireless Router 1.2.6 build 110401 Rel.47776n is vulnerable; other versions may also be affected. Devices using the following firmware and hardware are affected: firmware version 1.2.6 build 110401 Rel.47776n; hardware version iB-WRA150N v1 00000001
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-1116",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ib-wra150n",
"scope": "eq",
"trust": 1.0,
"vendor": "iball",
"version": "1.2.6"
},
{
"model": "baton 150m wireless-n broadband router",
"scope": "eq",
"trust": 0.8,
"vendor": "iball",
"version": "ib-wra150n v1 00000001"
},
{
"model": "baton 150m wireless-n broadband router",
"scope": "eq",
"trust": 0.8,
"vendor": "iball",
"version": "1.2.6 build 110401 rel.47776n"
},
{
"model": "baton 150m wireless-n adsi.2+ router",
"scope": "eq",
"trust": 0.6,
"vendor": "iball",
"version": "1.2.6"
},
{
"model": "baton 150m wireless-n router",
"scope": "eq",
"trust": 0.6,
"vendor": "iball",
"version": "1.2.6"
},
{
"model": "baton 150m wireless-n adsi.2+ router build",
"scope": "eq",
"trust": 0.3,
"vendor": "iball",
"version": "1.2.6110401"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03186"
},
{
"db": "BID",
"id": "96822"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-408"
},
{
"db": "NVD",
"id": "CVE-2017-6558"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:iball:baton_150m_wireless-n_router",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:iball:baton_150m_wireless-n_router_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002235"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Indrajith.A.N",
"sources": [
{
"db": "BID",
"id": "96822"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6558",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6558",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-03186",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-114761",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6558",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6558",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-6558",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-03186",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-408",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-114761",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-6558",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03186"
},
{
"db": "VULHUB",
"id": "VHN-114761"
},
{
"db": "VULMON",
"id": "CVE-2017-6558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-408"
},
{
"db": "NVD",
"id": "CVE-2017-6558"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. iBallBaton150MWirelessRouter is a wireless router. The iBallBaton150MWirelessRouter has an authentication bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. iBall Baton 150M Wireless Router is prone to a authentication-bypass vulnerability. This may lead to further attacks. \niBall Baton 150M Wireless Router 1.2.6 build 110401 Rel.47776n is vulnerable; other versions may also be affected. Devices using the following firmware and hardware are affected: firmware version 1.2.6 build 110401 Rel.47776n; hardware version iB-WRA150N v1 00000001",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002235"
},
{
"db": "CNVD",
"id": "CNVD-2017-03186"
},
{
"db": "BID",
"id": "96822"
},
{
"db": "VULHUB",
"id": "VHN-114761"
},
{
"db": "VULMON",
"id": "CVE-2017-6558"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-114761",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42591",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114761"
},
{
"db": "VULMON",
"id": "CVE-2017-6558"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6558",
"trust": 3.5
},
{
"db": "BID",
"id": "96822",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002235",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-408",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-03186",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "42591",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "141522",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-114761",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-6558",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03186"
},
{
"db": "VULHUB",
"id": "VHN-114761"
},
{
"db": "VULMON",
"id": "CVE-2017-6558"
},
{
"db": "BID",
"id": "96822"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-408"
},
{
"db": "NVD",
"id": "CVE-2017-6558"
}
]
},
"id": "VAR-201703-1116",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03186"
},
{
"db": "VULHUB",
"id": "VHN-114761"
}
],
"trust": 1.3306818
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03186"
}
]
},
"last_update_date": "2025-04-20T23:22:25.499000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "iball Baton 150M Wireless-N Broadband Router",
"trust": 0.8,
"url": "http://www.iball.co.in/Product/150M-Wireless-N-Broadband-Router/539"
},
{
"title": "iBall-UTStar-CVEChecker",
"trust": 0.1,
"url": "https://github.com/GemGeorge/iBall-UTStar-CVEChecker "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/khulnasoft-lab/awesome-security "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-6558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114761"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002235"
},
{
"db": "NVD",
"id": "CVE-2017-6558"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/96822"
},
{
"trust": 1.8,
"url": "https://www.youtube.com/watch?v=8gzg1iusfcs"
},
{
"trust": 1.4,
"url": "http://seclists.org/fulldisclosure/2017/mar/22"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6558"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6558"
},
{
"trust": 0.3,
"url": "http://www.iball.co.in/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/42591/"
},
{
"trust": 0.1,
"url": "https://github.com/gemgeorge/iball-utstar-cvechecker"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03186"
},
{
"db": "VULHUB",
"id": "VHN-114761"
},
{
"db": "VULMON",
"id": "CVE-2017-6558"
},
{
"db": "BID",
"id": "96822"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-408"
},
{
"db": "NVD",
"id": "CVE-2017-6558"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-03186"
},
{
"db": "VULHUB",
"id": "VHN-114761"
},
{
"db": "VULMON",
"id": "CVE-2017-6558"
},
{
"db": "BID",
"id": "96822"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002235"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-408"
},
{
"db": "NVD",
"id": "CVE-2017-6558"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03186"
},
{
"date": "2017-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114761"
},
{
"date": "2017-03-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6558"
},
{
"date": "2017-03-09T00:00:00",
"db": "BID",
"id": "96822"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002235"
},
{
"date": "2017-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-408"
},
{
"date": "2017-03-09T09:59:00.363000",
"db": "NVD",
"id": "CVE-2017-6558"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03186"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114761"
},
{
"date": "2021-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6558"
},
{
"date": "2017-03-16T03:02:00",
"db": "BID",
"id": "96822"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002235"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-408"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6558"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-408"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iBall Baton 150M iB-WRA150N Vulnerabilities that bypass authentication on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002235"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-408"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…