Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:FIBERHOME-ADSL-AN-IAR |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
FiberHome ADSL AN1020-25 Improper Access Restrictions |
Release Date |
2019/03/28 |
Update Number |
3157 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: FiberHome ADSL AN1020-25 Improper Access Restrictions
This signature detects attempts to exploit a known vulnerability against FiberHome ADSL AN1020-25. A successful attack can lead to attacker restoring a router to its factory settings.
Extended Description
An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper authentication on this page, the software accepts the request hence allowing attacker to reset the router to its default configurations which later could allow attacker to login to router by using default username/password.
Affected Products
- Fiberhomegroup adsl_an1020-25_firmware -
References
- CVE: CVE-2017-14147