Vulnerability Details CVE-2014-8654
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.038
EPSS Ranking 87.5%
CVSS Severity
CVSS v2 Score 6.8
References
- http://osvdb.org/show/osvdb/113840
- http://osvdb.org/show/osvdb/113841
- http://osvdb.org/show/osvdb/113842
- http://osvdb.org/show/osvdb/113843
- http://packetstormsecurity.com/files/128860/CBN-CH6640E-CG6640E-Wireless-Gateway-XSS-CSRF-DoS-Disclosure.html
- http://www.exploit-db.com/exploits/35075
- http://www.securityfocus.com/bid/70762
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98329
- http://osvdb.org/show/osvdb/113840
- http://osvdb.org/show/osvdb/113841
- http://osvdb.org/show/osvdb/113842
- http://osvdb.org/show/osvdb/113843
- http://packetstormsecurity.com/files/128860/CBN-CH6640E-CG6640E-Wireless-Gateway-XSS-CSRF-DoS-Disclosure.html
- http://www.exploit-db.com/exploits/35075
- http://www.securityfocus.com/bid/70762
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98329
Products affected by CVE-2014-8654
-
cpe:2.3:a:compal_broadband_networks:firmware:ch6640-3.5.11.7-nosh
-
cpe:2.3:h:compal_broadband_networks:cg6640e_wireless_gateway:1.0
-
cpe:2.3:h:compal_broadband_networks:ch664oe_wireless_gateway:1.0