ID

VAR-201501-0582


CVE

CVE-2014-10018


TITLE

Teracom T2-B-Gawv1.4U10Y-BI 'essid' parameter HTML injection vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-00555 // BID: 65056

DESCRIPTION

Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter. Teracom T2-B-Gawv1.4U10Y-BI is a broadband modem device. Teracom T2-B-Gawv1.4U10Y-BI fails to properly filter the 'essid' parameter data, allowing remote attackers to inject malicious scripts or HTML code and thereby obtain sensitive information or hijack user sessions when the malicious data is viewed. Teracom T2-B-Gawv1.4U10Y-BI is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

Trust: 2.43

sources: NVD: CVE-2014-10018 // JVNDB: JVNDB-2014-007645 // CNVD: CNVD-2014-00555 // BID: 65056

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00555

AFFECTED PRODUCTS

vendor: teracom model: t2-b-gawv1.4u10y-bi scope: eq version: -

Trust: 1.6

vendor: teracom model: t2-b-gawv1.4u10y-bi scope: - version: -

Trust: 1.4

sources: CNVD: CNVD-2014-00555 // JVNDB: JVNDB-2014-007645 // CNNVD: CNNVD-201401-468 // NVD: CVE-2014-10018

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-10018
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-10018
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00555
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-468
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2014-10018
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00555
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-00555 // JVNDB: JVNDB-2014-007645 // CNNVD: CNNVD-201401-468 // NVD: CVE-2014-10018

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2014-007645 // NVD: CVE-2014-10018

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-468

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201401-468

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007645

PATCH

title: ADSL2+ Modem Download url: http://www.teracom.in/index.php/details/85-other/104-support-for-adsl2-modem

Trust: 0.8

sources: JVNDB: JVNDB-2014-007645

EXTERNAL IDS

db: EXPLOIT-DB id: 31087

Trust: 3.0

db: NVD id: CVE-2014-10018

Trust: 2.7

db: BID id: 65056

Trust: 2.5

db: OSVDB id: 102343

Trust: 1.6

db: JVNDB id: JVNDB-2014-007645

Trust: 0.8

db: EXPLOITDB id: 31087

Trust: 0.6

db: CNVD id: CNVD-2014-00555

Trust: 0.6

db: XF id: 90642

Trust: 0.6

db: CNNVD id: CNNVD-201401-468

Trust: 0.6

sources: CNVD: CNVD-2014-00555 // BID: 65056 // JVNDB: JVNDB-2014-007645 // CNNVD: CNNVD-201401-468 // NVD: CVE-2014-10018

REFERENCES

url:http://www.securityfocus.com/bid/65056

Trust: 1.6

url:http://www.exploit-db.com/exploits/31087

Trust: 1.6

url:http://osvdb.org/102343

Trust: 1.6

url:http://www.exploit-db.com/exploits/31087/

Trust: 1.4

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90642

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-10018

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-10018

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/90642

Trust: 0.6

url:http://www.teracom.in/

Trust: 0.3

sources: CNVD: CNVD-2014-00555 // BID: 65056 // JVNDB: JVNDB-2014-007645 // CNNVD: CNNVD-201401-468 // NVD: CVE-2014-10018

CREDITS

Rakesh S

Trust: 0.9

sources: BID: 65056 // CNNVD: CNNVD-201401-468

SOURCES

db: CNVD id: CNVD-2014-00555
db: BID id: 65056
db: JVNDB id: JVNDB-2014-007645
db: CNNVD id: CNNVD-201401-468
db: NVD id: CVE-2014-10018

LAST UPDATE DATE

2025-04-13T23:25:19.961000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2014-00555 date: 2014-01-24T00:00:00
db: BID id: 65056 date: 2015-04-13T21:01:00
db: JVNDB id: JVNDB-2014-007645 date: 2015-01-16T00:00:00
db: CNNVD id: CNNVD-201401-468 date: 2015-01-15T00:00:00
db: NVD id: CVE-2014-10018 date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD id: CNVD-2014-00555 date: 2014-01-24T00:00:00
db: BID id: 65056 date: 2014-01-20T00:00:00
db: JVNDB id: JVNDB-2014-007645 date: 2015-01-16T00:00:00
db: CNNVD id: CNNVD-201401-468 date: 2014-01-26T00:00:00
db: NVD id: CVE-2014-10018 date: 2015-01-13T11:59:26.227