QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2014-8654

Back to search

CVE-2014-8654

Published: Nov 6, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html.

VendorProductVersions

n/a

n/a

affected
n/a

References

70762
vdb-entry
x_refsource_BID
113843
vdb-entry
x_refsource_OSVDB
cbn-ch6640ecg6640e-csrf(98329)
vdb-entry
x_refsource_XF
113842
vdb-entry
x_refsource_OSVDB
113841
vdb-entry
x_refsource_OSVDB
35075
exploit
x_refsource_EXPLOIT-DB
113840
vdb-entry
x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now