Lucene search

K
cve[email protected]CVE-2014-8655
HistoryNov 06, 2014 - 3:55 p.m.

CVE-2014-8655

2014-11-0615:55:10
CWE-264
web.nvd.nist.gov
36
compal broadband networks
ch6640e
cg6640e
wireless gateway
firmware
authentication bypass
sensitive information
cve-2014-8655

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.0%

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml.

Affected configurations

NVD
Node
compal_broadband_networksfirmwareMatchch6640-3.5.11.7-nosh
AND
compal_broadband_networkscg6640e_wireless_gatewayMatch1.0
OR
compal_broadband_networksch664oe_wireless_gatewayMatch1.0

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.0%

Related for CVE-2014-8655