Details of VAR-201407-0057

ID

VAR-201407-0057

CVE

CVE-2014-4716

TITLE

Thomson TWG87OUIR Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2014-003204

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity. The Thomson TWG87OUIR router is a router device. An attacker may leverage this issue to perform certain unauthorized actions. This may lead to further attacks

Trust: 2.43

sources: NVD: CVE-2014-4716 // JVNDB: JVNDB-2014-003204 // CNVD: CNVD-2014-03985 // BID: 68216

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-03985

AFFECTED PRODUCTS

vendor:	thomson	model:	twg87ouir	scope:	eq	version:	-	Trust: 1.6
vendor:	thomson	model:	twg87ouir	scope:	-	version:	-	Trust: 0.8
vendor:	thomson	model:	twg87ouir router	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-03985 // JVNDB: JVNDB-2014-003204 // CNNVD: CNNVD-201406-709 // NVD: CVE-2014-4716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4716
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-4716
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-03985
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201406-709
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2014-4716
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-03985
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-03985 // JVNDB: JVNDB-2014-003204 // CNNVD: CNNVD-201406-709 // NVD: CVE-2014-4716

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2014-003204 // NVD: CVE-2014-4716

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-709

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201406-709

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003204

PATCH

title:

Thomson TWG87OUIR Router '/goform/RgSecurity' patch for cross-site request forgery vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/46930

Trust: 0.6

sources: CNVD: CNVD-2014-03985

EXTERNAL IDS

db:	OSVDB	id:	108397	Trust: 3.0
db:	NVD	id:	CVE-2014-4716	Trust: 2.7
db:	EXPLOIT-DB	id:	33866	Trust: 2.2
db:	PACKETSTORM	id:	127244	Trust: 1.6
db:	BID	id:	68216	Trust: 1.5
db:	JVNDB	id:	JVNDB-2014-003204	Trust: 0.8
db:	EXPLOITDB	id:	33866	Trust: 0.6
db:	CNVD	id:	CNVD-2014-03985	Trust: 0.6
db:	CNNVD	id:	CNNVD-201406-709	Trust: 0.6

sources: CNVD: CNVD-2014-03985 // BID: 68216 // JVNDB: JVNDB-2014-003204 // CNNVD: CNNVD-201406-709 // NVD: CVE-2014-4716

REFERENCES

url:	http://osvdb.org/show/osvdb/108397	Trust: 2.4
url:	http://www.exploit-db.com/exploits/33866	Trust: 1.6
url:	http://packetstormsecurity.com/files/127244/thomson-twg87ouir-cross-site-request-forgery.html	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4716	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4716	Trust: 0.8
url:	http://www.exploit-db.com/exploits/33866/	Trust: 0.6
url:	http://osvdb.com/show/osvdb/108397	Trust: 0.6
url:	http://www.securityfocus.com/bid/68216	Trust: 0.6

sources: CNVD: CNVD-2014-03985 // JVNDB: JVNDB-2014-003204 // CNNVD: CNNVD-201406-709 // NVD: CVE-2014-4716

CREDITS

nopesled

Trust: 0.9

sources: BID: 68216 // CNNVD: CNNVD-201406-709

SOURCES

db:	CNVD	id:	CNVD-2014-03985
db:	BID	id:	68216
db:	JVNDB	id:	JVNDB-2014-003204
db:	CNNVD	id:	CNNVD-201406-709
db:	NVD	id:	CVE-2014-4716

LAST UPDATE DATE

2025-04-13T23:27:37.555000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03985	date:	2014-07-02T00:00:00
db:	BID	id:	68216	date:	2014-07-08T00:55:00
db:	JVNDB	id:	JVNDB-2014-003204	date:	2014-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201406-709	date:	2014-07-07T00:00:00
db:	NVD	id:	CVE-2014-4716	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-03985	date:	2014-07-02T00:00:00
db:	BID	id:	68216	date:	2014-06-26T00:00:00
db:	JVNDB	id:	JVNDB-2014-003204	date:	2014-07-08T00:00:00
db:	CNNVD	id:	CNNVD-201406-709	date:	2014-06-26T00:00:00
db:	NVD	id:	CVE-2014-4716	date:	2014-07-03T14:55:08.847