Lucene search

[email protected]CVE-2014-8654

HistoryNov 06, 2014 - 3:55 p.m.

CVE-2014-8654

2014-11-0615:55:10

CWE-352

[email protected]

web.nvd.nist.gov

cve-2014-8654

csrf

cross-site request forgery

compal broadband networks

cbn

ch6640e

cg6640e

wireless gateway

firmware

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.045 Low

EPSS

Percentile

92.5%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html.

Affected configurations

NVD

Node

compal_broadband_networksfirmwareMatchch6640-3.5.11.7-nosh

AND

compal_broadband_networkscg6640e_wireless_gatewayMatch1.0

compal_broadband_networksch664oe_wireless_gatewayMatch1.0

CPENameOperatorVersion
compal_broadband_networks:firmwarecompal broadband networks firmwareeqch6640-3.5.11.7-nosh
compal_broadband_networks:cg6640e_wireless_gatewaycompal broadband networks cg6640e wireless gatewayeq1.0
compal_broadband_networks:ch664oe_wireless_gatewaycompal broadband networks ch664oe wireless gatewayeq1.0

CPE	Name	Operator	Version
compal_broadband_networks:firmware	compal broadband networks firmware	eq	ch6640-3.5.11.7-nosh
compal_broadband_networks:cg6640e_wireless_gateway	compal broadband networks cg6640e wireless gateway	eq	1.0
compal_broadband_networks:ch664oe_wireless_gateway	compal broadband networks ch664oe wireless gateway	eq	1.0

References

osvdb.org/show/osvdb/113840

osvdb.org/show/osvdb/113841

osvdb.org/show/osvdb/113842

osvdb.org/show/osvdb/113843

packetstormsecurity.com/files/128860/CBN-CH6640E-CG6640E-Wireless-Gateway-XSS-CSRF-DoS-Disclosure.html

www.exploit-db.com/exploits/35075

www.securityfocus.com/bid/70762

www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php

exchange.xforce.ibmcloud.com/vulnerabilities/98329

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.045 Low

EPSS

Percentile

92.5%

JSON

Related for CVE-2014-8654

cvelist1 nvd1 prion1 zeroscience1