What is CVE-2017-6558?

CVE-2017-6558 is a critical-severity vulnerability in Iball Ib-wra150n, classified under Use of Hard-coded Credentials. CVSS score: 9.8/10. Published 2017-03-09.

How severe is CVE-2017-6558?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2017-6558 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Iball Ib-wra150n

CVE-2017-6558

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source cod…

EPSS: 0.348 (97.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Iball Ib-wra150n
Iball Ib-wra150n_firmware — versions 1.2.6
N/a — versions n/a

Weakness classification (CWE)

CWE-798 — Use of Hard-coded Credentials

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-6558?: CVE-2017-6558 is a critical-severity vulnerability in Iball Ib-wra150n, classified under Use of Hard-coded Credentials. CVSS score: 9.8/10. Published 2017-03-09.
How severe is CVE-2017-6558?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2017-6558 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.