Search criteria
1 vulnerability found for ee40vb by ee
VAR-201809-0900
Vulnerability from variot - Updated: 2024-11-23 22:00The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory. EE EE40VB 4G Mobile broadband modems contain vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The 4GEEWiFiMini is a portable wireless router. A local elevation of privilege vulnerability exists in versions prior to 4GEEWiFiMiniEE40_00_02.00_45, which can be exploited by local attackers to gain elevated system privileges. EE 4GEE WiFi Mini is prone to a local privilege-escalation vulnerability. Versions prior to 4GEE WiFi Mini EE40_00_02.00_45 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0900",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ee40vb",
"scope": "lt",
"trust": 1.0,
"vendor": "ee",
"version": "ee40_00_02.00_45"
},
{
"model": "4gee wifi",
"scope": "lt",
"trust": 0.8,
"vendor": "ee",
"version": "ee40_00_02.00_45"
},
{
"model": "4gee wifi mini \u003cee40 00 02.00 45",
"scope": null,
"trust": 0.6,
"vendor": "ee",
"version": null
},
{
"model": "4gee wifi mini",
"scope": "eq",
"trust": 0.3,
"vendor": "ee",
"version": "0"
},
{
"model": "4gee wifi mini ee40 00 02.00 45",
"scope": "ne",
"trust": 0.3,
"vendor": "ee",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20089"
},
{
"db": "BID",
"id": "105385"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013248"
},
{
"db": "NVD",
"id": "CVE-2018-14327"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ee:4gee_wifi_mbb_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013248"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Osanda Malith Jayathissa",
"sources": [
{
"db": "BID",
"id": "105385"
}
],
"trust": 0.3
},
"cve": "CVE-2018-14327",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-14327",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-20089",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-14327",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14327",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-14327",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-20089",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1116",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-14327",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20089"
},
{
"db": "VULMON",
"id": "CVE-2018-14327"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013248"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1116"
},
{
"db": "NVD",
"id": "CVE-2018-14327"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the \"Web Connecton\\EE40\" and \"Web Connecton\\EE40\\BackgroundService\" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the \"Web Connecton\\EE40\\BackgroundService\" directory. EE EE40VB 4G Mobile broadband modems contain vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The 4GEEWiFiMini is a portable wireless router. A local elevation of privilege vulnerability exists in versions prior to 4GEEWiFiMiniEE40_00_02.00_45, which can be exploited by local attackers to gain elevated system privileges. EE 4GEE WiFi Mini is prone to a local privilege-escalation vulnerability. \nVersions prior to 4GEE WiFi Mini EE40_00_02.00_45 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14327"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013248"
},
{
"db": "CNVD",
"id": "CNVD-2018-20089"
},
{
"db": "BID",
"id": "105385"
},
{
"db": "VULMON",
"id": "CVE-2018-14327"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=45501",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-14327"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14327",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "149492",
"trust": 2.3
},
{
"db": "BID",
"id": "105385",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "45501",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013248",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-20089",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1116",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-14327",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20089"
},
{
"db": "VULMON",
"id": "CVE-2018-14327"
},
{
"db": "BID",
"id": "105385"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013248"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1116"
},
{
"db": "NVD",
"id": "CVE-2018-14327"
}
]
},
"id": "VAR-201809-0900",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20089"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20089"
}
]
},
"last_update_date": "2024-11-23T22:00:18.087000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://ee.co.uk/"
},
{
"title": "4GEEWiFiMini local privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/141225"
},
{
"title": "4GEE WiFi Mini Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85164"
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20089"
},
{
"db": "VULMON",
"id": "CVE-2018-14327"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013248"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1116"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013248"
},
{
"db": "NVD",
"id": "CVE-2018-14327"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/149492/ee-4gee-mini-local-privilege-escalation.html"
},
{
"trust": 2.0,
"url": "http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/105385"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/45501/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14327"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14327"
},
{
"trust": 0.3,
"url": "https://ee.co.uk/help/phones-and-device/ee/4gee-wifi"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/732.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20089"
},
{
"db": "VULMON",
"id": "CVE-2018-14327"
},
{
"db": "BID",
"id": "105385"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013248"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1116"
},
{
"db": "NVD",
"id": "CVE-2018-14327"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20089"
},
{
"db": "VULMON",
"id": "CVE-2018-14327"
},
{
"db": "BID",
"id": "105385"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013248"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1116"
},
{
"db": "NVD",
"id": "CVE-2018-14327"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20089"
},
{
"date": "2018-09-26T00:00:00",
"db": "VULMON",
"id": "CVE-2018-14327"
},
{
"date": "2018-09-17T00:00:00",
"db": "BID",
"id": "105385"
},
{
"date": "2019-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013248"
},
{
"date": "2018-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1116"
},
{
"date": "2018-09-26T22:29:00.310000",
"db": "NVD",
"id": "CVE-2018-14327"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20089"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-14327"
},
{
"date": "2018-09-17T00:00:00",
"db": "BID",
"id": "105385"
},
{
"date": "2019-02-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013248"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1116"
},
{
"date": "2024-11-21T03:48:49.520000",
"db": "NVD",
"id": "CVE-2018-14327"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "105385"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1116"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EE EE40VB 4G Vulnerabilities related to authorization, authority, and access control in mobile broadband modems",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013248"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1116"
}
],
"trust": 0.6
}
}