3 matches found
CVE-2017-14267
EE 4GEE WiFi MBB devices (before EE60_00_05.00_31) are affected by a Cross‑Site Request Forgery (CSRF) vulnerability in admin actions exposed via goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings. The issue enables un...
CVE-2017-14269
CVE-2017-14269 affects EE 4GEE WiFi MBB devices (before EE60_00_05.00_31). The vulnerability allows remote attackers to obtain sensitive data via a JSONP endpoint, demonstrated as passwords and SMS content exposure. The root cause is an insecure JSONP/endpoint handling that leaks confidential inf...
CVE-2017-14268
CVE-2017-14268 affects EE 4GEE WiFi MBB devices (before EE60_00_05.00_31). A Cross-Site Scripting (XSS) vulnerability exists in the sms_content parameter of a getSMSlist request. Exploitation context and impact are limited in the provided documents to input‑based script injection; no further expl...