Lucene search

K
cve[email protected]CVE-2014-8654
HistoryNov 06, 2014 - 3:55 p.m.

CVE-2014-8654

2014-11-0615:55:10
CWE-352
web.nvd.nist.gov
22
cve-2014-8654
csrf
cross-site request forgery
compal broadband networks
cbn
ch6640e
cg6640e
wireless gateway
firmware
security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.045 Low

EPSS

Percentile

92.5%

Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html.

Affected configurations

NVD
Node
compal_broadband_networksfirmwareMatchch6640-3.5.11.7-nosh
AND
compal_broadband_networkscg6640e_wireless_gatewayMatch1.0
OR
compal_broadband_networksch664oe_wireless_gatewayMatch1.0

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.045 Low

EPSS

Percentile

92.5%

Related for CVE-2014-8654