Want to get paid for a vulnerability similar to this one?
Contact us at: firstname.lastname@example.org
See our full scope at: https://blogs.securiteam.com/index.php/product_scope
The following advisory describes two (2) vulnerabilities found in iB-WRA150N devices, firmware 1.2.6 build 110401 Rel.47776n.
iB-WRA150N is “a powerful solution to Internet connectivity at home, small offices and work stations. The key is if you are using an ADSL2+ connection now and later decide to change to Broadband or vice-versa you don’t need to change your router. This iBall router is 2-in-1 and compatible to both – Broadband connection as well as ADSL2 connection (Telephone connection or cable operator connection). ”
The vulnerabilities found are:
- Hard coded accounts
- Remote command execution
An independent security researcher, maxki4x, has reported this vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.
We tried to contact iBall since December 20 2017, repeated attempts to establish contact were answered, but no details have been provided on a solution or a workaround.
Continue reading SSD Advisory – iBall Multiple Vulnerabilities