CVE-2014-8654
published 2014-11-06

Priority: P3 / 37 / medium
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.87% (85.1th percentile)
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html.

Affected (3 ranges)

Vendor | Product | Version range | Fixed in
compal_broadband_networks | cg6640e_wireless_gateway | |
compal_broadband_networks | ch664oe_wireless_gateway | |
compal_broadband_networks | firmware | |