QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-14327

Back to search

CVE-2018-14327

Published: Sep 26, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.

VendorProductVersions

n/a

n/a

affected
n/a

References

45501
exploit
x_refsource_EXPLOIT-DB
105385
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now