[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] Bypassing Authentication on iball Baton Routers
iball Baton 150M Wireless router - Authentication Bypass
iball Envisioning the tremendous potential for innovative products required
by the ever evolving users in computing and digital world, iBall was
launched in September 2001 and which is one of the leading networking
iball Baton 150M Wireless-N ADSI.2+ Router
iball Baton 150M Router's login page is insecurely developed that any
attacker could bypass the admin's authentication just by tweaking the
Firmware Version : 1.2.6 build 110401 Rel.47776n
Hardware Version : iB-WRA150N v1 00000001
Any attacker can escalate his privilege to admin using this vulnerability.
Proof Of Concept:
1) Navigate to Routers Login page which is usually IPV4 default Gateway IP,
2) Now just append password.cgi to the URL i.e
3) Force wget to view content of the CGI file, We can see the (hidden tag)
in the comment section which contians the updated Username, Role and
4) Successfully logged in using the disclosed credentials.
Vendor Notification: March 5, 2017
Application Security Analyst.
Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/