CVE-2014-8656

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/show/osvdb/113836
http://www.exploit-db.com/exploits/35075	Exploit
http://packetstormsecurity.com/files/128860/CBN-CH6640E-CG6640E-Wireless-Gateway-XSS-CSRF-DoS-Disclosure.html	Exploit
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php	Exploit

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:compal_broadband_networks:firmware:ch6640-3.5.11.7-nosh:*:*:*:*:*:*:*

OR	cpe:2.3:h:compal_broadband_networks:cg6640e_wireless_gateway:1.0:::::::*
	cpe:2.3:h:compal_broadband_networks:ch664oe_wireless_gateway:1.0:::::::*

Information

Published : 2014-11-06 07:55

Updated : 2014-11-06 11:20

NVD link : CVE-2014-8656

Mitre link : CVE-2014-8656

JSON object : View

CWE

CWE-255

Credentials Management Errors

Advertisement

Products Affected

compal_broadband_networks

ch664oe_wireless_gateway
firmware
cg6640e_wireless_gateway

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://osvdb.org/show/osvdb/113836", "name": "113836", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.exploit-db.com/exploits/35075", "name": "35075", "tags": ["Exploit"], "refsource": "EXPLOIT-DB"}, {"url": "http://packetstormsecurity.com/files/128860/CBN-CH6640E-CG6640E-Wireless-Gateway-XSS-CSRF-DoS-Disclosure.html", "name": "http://packetstormsecurity.com/files/128860/CBN-CH6640E-CG6640E-Wireless-Gateway-XSS-CSRF-DoS-Disclosure.html", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php", "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php", "tags": ["Exploit"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-8656", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-11-06T15:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:compal_broadband_networks:firmware:ch6640-3.5.11.7-nosh:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:compal_broadband_networks:cg6640e_wireless_gateway:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:compal_broadband_networks:ch664oe_wireless_gateway:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-11-06T19:20Z"}