Sign-up

ID

VAR-201709-0397


CVE

CVE-2017-14267


TITLE

EE 4GEE WiFi MBB Device cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-007941

DESCRIPTION

EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings. EE 4GEE WiFi MBB The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. EE4GEEWiFiMBB is a mobile wireless router device from EE UK. A cross-site request forgery vulnerability exists in versions prior to EE4GEEWiFiMBBEE60_00_05.00_31. A remote attacker could exploit the vulnerability to tamper a user to a malicious website to perform unauthorized operations

Trust: 2.25

sources: NVD: CVE-2017-14267 // JVNDB: JVNDB-2017-007941 // CNVD: CNVD-2017-33216 // VULHUB: VHN-104972

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33216

AFFECTED PRODUCTS

vendor:eemodel:4gee wifi mbbscope:lteversion:ee60_00_05.00_25

Trust: 1.0

vendor:eemodel:4gee wifiscope:ltversion:ee60_00_05.00_31

Trust: 0.8

vendor:eemodel:4gee wifi mbb <ee60 00 05.00 31scope: - version: -

Trust: 0.6

vendor:eemodel:4gee wifi mbbscope:eqversion:ee60_00_05.00_25

Trust: 0.6

sources: CNVD: CNVD-2017-33216 // JVNDB: JVNDB-2017-007941 // CNNVD: CNNVD-201709-422 // NVD: CVE-2017-14267

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14267
value: HIGH

Trust: 1.0

NVD: CVE-2017-14267
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-33216
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201709-422
value: MEDIUM

Trust: 0.6

VULHUB: VHN-104972
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-14267
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33216
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-104972
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14267
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-33216 // VULHUB: VHN-104972 // JVNDB: JVNDB-2017-007941 // CNNVD: CNNVD-201709-422 // NVD: CVE-2017-14267

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-104972 // JVNDB: JVNDB-2017-007941 // NVD: CVE-2017-14267

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-422

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201709-422

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007941

PATCH
title:4GEE WiFiurl:http://ee.co.uk/help/mobile-and-home-connections/broadband-gallery-mobile-broadband/mobile-broadband
Trust: 0.8
title:Patch for EE4GEEWiFiMBB Cross-Site Request Forgery Vulnerability (CNVD-2017-33216)url:https://www.cnvd.org.cn/patchInfo/show/105711
Trust: 0.6
title:EE 4GEE WiFi MBB Fixes for cross-site request forgery vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74684
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33216 // 
            
            
            
            JVNDB: JVNDB-2017-007941 // 
            
            
            
            CNNVD: CNNVD-201709-422

EXTERNAL IDS
db:NVDid:CVE-2017-14267
Trust: 3.1
db:JVNDBid:JVNDB-2017-007941
Trust: 0.8
db:CNNVDid:CNNVD-201709-422
Trust: 0.7
db:CNVDid:CNVD-2017-33216
Trust: 0.6
db:VULHUBid:VHN-104972
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-33216 // 
            
            
            
            VULHUB: VHN-104972 // 
            
            
            
            JVNDB: JVNDB-2017-007941 // 
            
            
            
            CNNVD: CNNVD-201709-422 // 
            
            
            
            NVD: CVE-2017-14267

REFERENCES
url:http://seclists.org/fulldisclosure/2017/sep/13
Trust: 2.3
url:https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeup
Trust: 1.7
url:https://github.com/jamesit/vuln-advisories-/blob/master/ee-4gee-multiple-vulns/csrf/addprofilecsrfxsspoc.html
Trust: 1.7
url:https://github.com/jamesit/vuln-advisories-/blob/master/ee-4gee-multiple-vulns/csrf/csrfinternetdcpoc.html
Trust: 1.7
url:https://github.com/jamesit/vuln-advisories-/blob/master/ee-4gee-multiple-vulns/csrf/csrfpocredirectsms.html
Trust: 1.7
url:https://github.com/jamesit/vuln-advisories-/blob/master/ee-4gee-multiple-vulns/csrf/csrfpocresetdefaults.html
Trust: 1.7
url:https://github.com/jamesit/vuln-advisories-/blob/master/ee-4gee-multiple-vulns/csrf/uploadbinarysettingscsrfpoc.html
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14267
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14267
Trust: 0.8
url:https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeup/
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-33216 // 
            
            
            
            VULHUB: VHN-104972 // 
            
            
            
            JVNDB: JVNDB-2017-007941 // 
            
            
            
            CNNVD: CNNVD-201709-422 // 
            
            
            
            NVD: CVE-2017-14267

SOURCES
db:CNVDid:CNVD-2017-33216
db:VULHUBid:VHN-104972
db:JVNDBid:JVNDB-2017-007941
db:CNNVDid:CNNVD-201709-422
db:NVDid:CVE-2017-14267

LAST UPDATE DATE
2025-04-20T23:30:53.011000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-33216date:2017-11-09T00:00:00
db:VULHUBid:VHN-104972date:2017-09-15T00:00:00
db:JVNDBid:JVNDB-2017-007941date:2017-10-04T00:00:00
db:CNNVDid:CNNVD-201709-422date:2017-09-12T00:00:00
db:NVDid:CVE-2017-14267date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-33216date:2017-11-09T00:00:00
db:VULHUBid:VHN-104972date:2017-09-11T00:00:00
db:JVNDBid:JVNDB-2017-007941date:2017-10-04T00:00:00
db:CNNVDid:CNNVD-201709-422date:2017-09-12T00:00:00
db:NVDid:CVE-2017-14267date:2017-09-11T09:29:00.780