CVE-2020-15043 — MEDIUM (6.5)

Vulnerability Description

iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Iball	Wrb303N Firmware	-
Iball	Wrb303N	-

Related Weaknesses (CWE)

CWE-352

References

https://gist.github.com/Saket-taneja/4dda4b2df5aa0973a7160bb6bf8875e0ExploitThird Party Advisory
https://github.com/Saket-taneja/IballCSRFExploitThird Party Advisory
https://gist.github.com/Saket-taneja/4dda4b2df5aa0973a7160bb6bf8875e0ExploitThird Party Advisory
https://github.com/Saket-taneja/IballCSRFExploitThird Party Advisory

FAQ

What is CVE-2020-15043?

CVE-2020-15043 is a vulnerability with a CVSS score of 6.5 (MEDIUM). iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses.

How severe is CVE-2020-15043?

CVE-2020-15043 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-15043?

Check the references section above for vendor advisories and patch information. Affected products include: Iball Wrb303N Firmware, Iball Wrb303N.