Vulnerabilities > Iball > IB Wrb302N Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-28 | CVE-2018-20008 | Incorrect Permission Assignment for Critical Resource vulnerability in Iball Ib-Wrb302N Firmware Ibwrb302N20122017 iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console. | 2.1 |
| 2018-01-30 | CVE-2018-6355 | Cross-site Scripting vulnerability in Iball Ib-Wrb302N Firmware 1.0.1Sep82017 /goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter. | 4.3 |