ID
VAR-201501-0583
CVE
CVE-2014-10019
TITLE
Teracom T2-B-Gawv1.4U10Y-BI Modem webconfig/wlan/country.html/country Vulnerable to cross-site request forgery
Trust: 0.8
DESCRIPTION
Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID or (2) change the password via a crafted request. Teracom T2-B-Gawv1.4U10Y-BI is a router device. Teracom T2-B-Gawv1.4U10Y-BI is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks
Trust: 2.79
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | teracom | model: | t2-b-gawv1.4u10y-bi | scope: | - | version: | - | Trust: 2.3 |
| vendor: | teracom | model: | t2-b-gawv1.4u10y-bi | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | teracom | model: | t2-b-gawv1.4u10y-bi | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-352 | Trust: 1.8 |
THREAT TYPE
network
Trust: 0.6
TYPE
Design Error
Trust: 0.6
CONFIGURATIONS
EXPLOIT AVAILABILITY
PATCH
| title: | ADSL2+ Modem Download | url: | http://www.teracom.in/index.php/details/85-other/104-support-for-adsl2-modem | Trust: 0.8 |
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 32943 | Trust: 2.8 |
| db: | NVD | id: | CVE-2014-10019 | Trust: 2.8 |
| db: | BID | id: | 67003 | Trust: 1.5 |
| db: | XF | id: | 92715 | Trust: 0.9 |
| db: | JVNDB | id: | JVNDB-2014-007646 | Trust: 0.8 |
| db: | PACKETSTORM | id: | 126246 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2014-02621 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201405-118 | Trust: 0.6 |
| db: | BID | id: | 79636 | Trust: 0.4 |
| db: | VULMON | id: | CVE-2014-10019 | Trust: 0.1 |
REFERENCES
| url: | http://www.exploit-db.com/exploits/32943 | Trust: 2.8 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/92715 | Trust: 1.1 |
| url: | http://xforce.iss.net/xforce/xfdb/92715 | Trust: 0.9 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-10019 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-10019 | Trust: 0.8 |
| url: | http://packetstormsecurity.com/files/126246/teracom-modem-t2-b-gawv1.4u10y-bi-cross-site-request-forgery.html | Trust: 0.6 |
| url: | http://www.securityfocus.com/bid/67003 | Trust: 0.6 |
| url: | http://www.teracom.in/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/352.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://www.exploit-db.com/exploits/32943/ | Trust: 0.1 |
| url: | https://www.securityfocus.com/bid/79636 | Trust: 0.1 |
CREDITS
Rakesh S
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2014-02621 |
| db: | VULMON | id: | CVE-2014-10019 |
| db: | BID | id: | 67003 |
| db: | BID | id: | 79636 |
| db: | JVNDB | id: | JVNDB-2014-007646 |
| db: | CNNVD | id: | CNNVD-201405-118 |
| db: | NVD | id: | CVE-2014-10019 |
LAST UPDATE DATE
2025-04-13T23:37:36.736000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-02621 | date: | 2014-04-24T00:00:00 |
| db: | VULMON | id: | CVE-2014-10019 | date: | 2017-09-08T00:00:00 |
| db: | BID | id: | 67003 | date: | 2014-04-20T00:00:00 |
| db: | BID | id: | 79636 | date: | 2015-01-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-007646 | date: | 2015-01-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201405-118 | date: | 2015-01-15T00:00:00 |
| db: | NVD | id: | CVE-2014-10019 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-02621 | date: | 2014-04-24T00:00:00 |
| db: | VULMON | id: | CVE-2014-10019 | date: | 2015-01-13T00:00:00 |
| db: | BID | id: | 67003 | date: | 2014-04-20T00:00:00 |
| db: | BID | id: | 79636 | date: | 2015-01-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2014-007646 | date: | 2015-01-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201405-118 | date: | 2014-04-20T00:00:00 |
| db: | NVD | id: | CVE-2014-10019 | date: | 2015-01-13T11:59:27.070 |