CVE-2017-14243

Published: 17/09/2017 Updated: 03/10/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows malicious users to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi.

Vulnerable Product

utstar wa3002g4_firmware wa3002g4-0021.01

Exploits

# Exploit Title: UTStar WA3002G4 ADSL Broadband Modem Authentication Bypass Vulnerability
# CVE: CVE-2017-14243
# Date: 15-09-2017
# Exploit Author: Gem George
# Author Contact: www.linkedin.com/in/gemgrge
# Vulnerable Product: UTStar WA3002G4 ADSL Broadband Modem
# Firmware version: WA3002G4-0021.01
# Vendor Homepage: www.utstar.com ...
UTStar WA3002G4 ADSL Broadband Modem suffers from multiple authentication bypass vulnerabilities ...

Github Repositories

POC checks for CVE-2017-6558, CVE-2017-14243 & CVE-2017-14244

iBall & UTStar Authentication Bypass & Information Disclosure Vulnerabilities

POC checks for CVE-2017-6558, CVE-2017-14243 & CVE-2017-14244

References

www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass
www.exploit-db.com/exploits/42739/
www.exploit-db.com/explo