CVE-2018-20008 Information

Description

iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console.

CVSS Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://payatu.com/ibaton-routers-responsible-disclosure/ https://www.iball.co.in/Category/Baton/283

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

6.8