CVE-2017-14147
CVE-2017-14147
Vexday Risk Score
35Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS —EPSS 65.6%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
05 Sep 2017Public PoC
07 Sep 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper authentication on this page, the software accepts the request hence allowing attacker to reset the router to its default configurations which later could allow attacker to login to router by using default username/password.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/144022/FiberHome-Unauthenticated-ADSL-Router-Factory-Reset.htmlunverifiedcve_referencewww.exploit-db.com/exploits/42649/unverifiedexploitdbwww.exploit-db.com/exploits/42649unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.