VAR-201709-0399
Vulnerability from variot - Updated: 2025-04-20 23:42EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. EE 4GEE WiFi MBB The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. EE4GEEWiFiMBB is a mobile wireless router device from EE UK. A cross-site request forgery vulnerability exists in versions prior to EE4GEEWiFiMBBEE60_00_05.00_31. A remote attacker could exploit the vulnerability to tamper a user to a malicious website to perform unauthorized operations. There are security vulnerabilities in EE 4GEE WiFi MBB versions prior to EE60_00_05.00_31
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0399",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "4gee wifi mbb",
"scope": "lte",
"trust": 1.0,
"vendor": "ee",
"version": "ee60_00_05.00_25"
},
{
"model": "4gee wifi",
"scope": "lt",
"trust": 0.8,
"vendor": "ee",
"version": "ee60_00_05.00_31"
},
{
"model": "4gee wifi mbb \u003cee60 00 05.00 31",
"scope": null,
"trust": 0.6,
"vendor": "ee",
"version": null
},
{
"model": "4gee wifi mbb",
"scope": "eq",
"trust": 0.6,
"vendor": "ee",
"version": "ee60_00_05.00_25"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33064"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007943"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-420"
},
{
"db": "NVD",
"id": "CVE-2017-14269"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ee:4gee_wifi_mbb_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007943"
}
]
},
"cve": "CVE-2017-14269",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-14269",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-33064",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-104974",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-14269",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-14269",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-14269",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-33064",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-420",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-104974",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33064"
},
{
"db": "VULHUB",
"id": "VHN-104974"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007943"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-420"
},
{
"db": "NVD",
"id": "CVE-2017-14269"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. EE 4GEE WiFi MBB The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. EE4GEEWiFiMBB is a mobile wireless router device from EE UK. A cross-site request forgery vulnerability exists in versions prior to EE4GEEWiFiMBBEE60_00_05.00_31. A remote attacker could exploit the vulnerability to tamper a user to a malicious website to perform unauthorized operations. There are security vulnerabilities in EE 4GEE WiFi MBB versions prior to EE60_00_05.00_31",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14269"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007943"
},
{
"db": "CNVD",
"id": "CNVD-2017-33064"
},
{
"db": "VULHUB",
"id": "VHN-104974"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14269",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007943",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-420",
"trust": 0.7
},
{
"db": "EXPLOITALERT",
"id": "27496",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-33064",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-104974",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33064"
},
{
"db": "VULHUB",
"id": "VHN-104974"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007943"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-420"
},
{
"db": "NVD",
"id": "CVE-2017-14269"
}
]
},
"id": "VAR-201709-0399",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33064"
},
{
"db": "VULHUB",
"id": "VHN-104974"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33064"
}
]
},
"last_update_date": "2025-04-20T23:42:57.355000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "4GEE WiFi",
"trust": 0.8,
"url": "http://ee.co.uk/help/mobile-and-home-connections/broadband-gallery-mobile-broadband/mobile-broadband"
},
{
"title": "Patch for EE4GEEWiFiMBB cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/105616"
},
{
"title": "EE 4GEE WiFi MBB Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74682"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33064"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007943"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-420"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104974"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007943"
},
{
"db": "NVD",
"id": "CVE-2017-14269"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://seclists.org/fulldisclosure/2017/sep/13"
},
{
"trust": 1.7,
"url": "https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeup"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14269"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14269"
},
{
"trust": 0.8,
"url": "https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeup/"
},
{
"trust": 0.6,
"url": "http://www.exploitalert.com/view-details.html?id=27496"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33064"
},
{
"db": "VULHUB",
"id": "VHN-104974"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007943"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-420"
},
{
"db": "NVD",
"id": "CVE-2017-14269"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-33064"
},
{
"db": "VULHUB",
"id": "VHN-104974"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007943"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-420"
},
{
"db": "NVD",
"id": "CVE-2017-14269"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33064"
},
{
"date": "2017-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-104974"
},
{
"date": "2017-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007943"
},
{
"date": "2017-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-420"
},
{
"date": "2017-09-11T09:29:00.857000",
"db": "NVD",
"id": "CVE-2017-14269"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33064"
},
{
"date": "2017-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-104974"
},
{
"date": "2017-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007943"
},
{
"date": "2017-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-420"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-14269"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-420"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EE 4GEE WiFi MBB Information disclosure vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007943"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-420"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…