← back
CVE-2017-14147

CVE-2017-14147

EPSS 65.6%
Vexday Risk Score
35Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS EPSS 65.6%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
05 Sep 2017Public PoC
07 Sep 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper authentication on this page, the software accepts the request hence allowing attacker to reset the router to its default configurations which later could allow attacker to login to router by using default username/password.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.