Vulnerabilities > Iball > IB Wra150N Firmware > 1.2.6

DATE CVE VULNERABILITY TITLE RISK
2018-01-29 CVE-2018-6388 OS Command Injection vulnerability in Iball Ib-Wra150N Firmware 1.2.6
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page.
network
low complexity
iball CWE-78
critical
 9.0
9.0
2018-01-29 CVE-2018-6387 Use of Hard-coded Credentials vulnerability in Iball Ib-Wra150N Firmware 1.2.6
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account.
network
low complexity
iball CWE-798
critical
 10.0
10
2017-03-09 CVE-2017-6558 Use of Hard-coded Credentials vulnerability in Iball Ib-Wra150N Firmware 1.2.6
iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file.
network
low complexity
iball CWE-798
5.0
5.0