ID

VAR-201411-0121


CVE

CVE-2014-9027


TITLE

ZTE ZXDSL 831CII Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2014-005573

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem LAN ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd. The ZTE 831CII is a router device. ZTE 831CII has HTML injection, cross-site request forgery, clickjacking, information disclosure, and unauthorized access vulnerabilities, allowing remote attackers to perform certain administrative operations, execute arbitrary scripts or HTML code in the browser context, or steal cookie-based authentication credentials.

Trust: 2.16

sources: NVD: CVE-2014-9027 // JVNDB: JVNDB-2014-005573 // CNVD: CNVD-2014-08309

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-08309

AFFECTED PRODUCTS

vendor: zteusa, model: zxdsl 831cii, scope: eq, version: -

Trust: 1.6

vendor: zte, model: zxdsl 831cii, scope: -, version: -

Trust: 0.8

vendor: zte, model: 831cii, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2014-08309 // JVNDB: JVNDB-2014-005573 // CNNVD: CNNVD-201411-382 // NVD: CVE-2014-9027

CVSS

SEVERITY

nvd@nist.gov: CVE-2014-9027
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-9027
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-08309
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201411-382
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2014-9027
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-08309
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-08309 // JVNDB: JVNDB-2014-005573 // CNNVD: CNNVD-201411-382 // NVD: CVE-2014-9027

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2014-005573 // NVD: CVE-2014-9027

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-382

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201411-382

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005573

PATCH

title: Top Page, url: http://wwwen.zte.com.cn/en/

Trust: 0.8

sources: JVNDB: JVNDB-2014-005573

EXTERNAL IDS

db: NVD, id: CVE-2014-9027

Trust: 3.0

db: PACKETSTORM, id: 129041

Trust: 1.6

db: XF, id: 98590

Trust: 1.4

db: JVNDB, id: JVNDB-2014-005573

Trust: 0.8

db: BID, id: 70984

Trust: 0.6

db: CNVD, id: CNVD-2014-08309

Trust: 0.6

db: CNNVD, id: CNNVD-201411-382

Trust: 0.6

sources: CNVD: CNVD-2014-08309 // JVNDB: JVNDB-2014-005573 // CNNVD: CNNVD-201411-382 // NVD: CVE-2014-9027

REFERENCES

url: http://packetstormsecurity.com/files/129041

Trust: 1.6

url: http://xforce.iss.net/xforce/xfdb/98590

Trust: 1.4

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/98590

Trust: 1.0

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9027

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9027

Trust: 0.8

url: http://www.securityfocus.com/bid/70984/

Trust: 0.6

sources: CNVD: CNVD-2014-08309 // JVNDB: JVNDB-2014-005573 // CNNVD: CNNVD-201411-382 // NVD: CVE-2014-9027

SOURCES

db: CNVD, id: CNVD-2014-08309
db: JVNDB, id: JVNDB-2014-005573
db: CNNVD, id: CNNVD-201411-382
db: NVD, id: CVE-2014-9027

LAST UPDATE DATE

2025-04-13T23:26:47.995000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-08309, date: 2014-11-17T00:00:00
db: JVNDB, id: JVNDB-2014-005573, date: 2014-11-21T00:00:00
db: CNNVD, id: CNNVD-201411-382, date: 2014-11-21T00:00:00
db: NVD, id: CVE-2014-9027, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-08309, date: 2014-11-17T00:00:00
db: JVNDB, id: JVNDB-2014-005573, date: 2014-11-21T00:00:00
db: CNNVD, id: CNNVD-201411-382, date: 2014-11-21T00:00:00
db: NVD, id: CVE-2014-9027, date: 2014-11-20T17:50:16.583