iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console.
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ib-wrb302n_firmware | Iball | ib-wrb302n20122017 (including) | ib-wrb302n20122017 (including) |