Sign-up

ID

VAR-201709-0399


CVE

CVE-2017-14269


TITLE

EE 4GEE WiFi MBB Information disclosure vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-007943

DESCRIPTION

EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. EE 4GEE WiFi MBB The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. EE4GEEWiFiMBB is a mobile wireless router device from EE UK. A cross-site request forgery vulnerability exists in versions prior to EE4GEEWiFiMBBEE60_00_05.00_31. A remote attacker could exploit the vulnerability to tamper a user to a malicious website to perform unauthorized operations. There are security vulnerabilities in EE 4GEE WiFi MBB versions prior to EE60_00_05.00_31

Trust: 2.25

sources: NVD: CVE-2017-14269 // JVNDB: JVNDB-2017-007943 // CNVD: CNVD-2017-33064 // VULHUB: VHN-104974

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33064

AFFECTED PRODUCTS

vendor:eemodel:4gee wifi mbbscope:lteversion:ee60_00_05.00_25

Trust: 1.0

vendor:eemodel:4gee wifiscope:ltversion:ee60_00_05.00_31

Trust: 0.8

vendor:eemodel:4gee wifi mbb <ee60 00 05.00 31scope: - version: -

Trust: 0.6

vendor:eemodel:4gee wifi mbbscope:eqversion:ee60_00_05.00_25

Trust: 0.6

sources: CNVD: CNVD-2017-33064 // JVNDB: JVNDB-2017-007943 // CNNVD: CNNVD-201709-420 // NVD: CVE-2017-14269

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14269
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-14269
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-33064
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201709-420
value: MEDIUM

Trust: 0.6

VULHUB: VHN-104974
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-14269
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33064
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-104974
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14269
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-33064 // VULHUB: VHN-104974 // JVNDB: JVNDB-2017-007943 // CNNVD: CNNVD-201709-420 // NVD: CVE-2017-14269

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-104974 // JVNDB: JVNDB-2017-007943 // NVD: CVE-2017-14269

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-420

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201709-420

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007943

PATCH
title:4GEE WiFiurl:http://ee.co.uk/help/mobile-and-home-connections/broadband-gallery-mobile-broadband/mobile-broadband
Trust: 0.8
title:Patch for EE4GEEWiFiMBB cross-site request forgery vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/105616
Trust: 0.6
title:EE 4GEE WiFi MBB Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74682
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33064 // 
            
            
            
            JVNDB: JVNDB-2017-007943 // 
            
            
            
            CNNVD: CNNVD-201709-420

EXTERNAL IDS
db:NVDid:CVE-2017-14269
Trust: 3.1
db:JVNDBid:JVNDB-2017-007943
Trust: 0.8
db:CNNVDid:CNNVD-201709-420
Trust: 0.7
db:EXPLOITALERTid:27496
Trust: 0.6
db:CNVDid:CNVD-2017-33064
Trust: 0.6
db:VULHUBid:VHN-104974
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-33064 // 
            
            
            
            VULHUB: VHN-104974 // 
            
            
            
            JVNDB: JVNDB-2017-007943 // 
            
            
            
            CNNVD: CNNVD-201709-420 // 
            
            
            
            NVD: CVE-2017-14269

REFERENCES
url:http://seclists.org/fulldisclosure/2017/sep/13
Trust: 2.3
url:https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeup
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14269
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14269
Trust: 0.8
url:https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeup/
Trust: 0.8
url:http://www.exploitalert.com/view-details.html?id=27496
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33064 // 
            
            
            
            VULHUB: VHN-104974 // 
            
            
            
            JVNDB: JVNDB-2017-007943 // 
            
            
            
            CNNVD: CNNVD-201709-420 // 
            
            
            
            NVD: CVE-2017-14269

SOURCES
db:CNVDid:CNVD-2017-33064
db:VULHUBid:VHN-104974
db:JVNDBid:JVNDB-2017-007943
db:CNNVDid:CNNVD-201709-420
db:NVDid:CVE-2017-14269

LAST UPDATE DATE
2025-04-20T23:42:57.355000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-33064date:2017-11-08T00:00:00
db:VULHUBid:VHN-104974date:2017-09-15T00:00:00
db:JVNDBid:JVNDB-2017-007943date:2017-10-04T00:00:00
db:CNNVDid:CNNVD-201709-420date:2017-09-12T00:00:00
db:NVDid:CVE-2017-14269date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-33064date:2017-11-08T00:00:00
db:VULHUBid:VHN-104974date:2017-09-11T00:00:00
db:JVNDBid:JVNDB-2017-007943date:2017-10-04T00:00:00
db:CNNVDid:CNNVD-201709-420date:2017-09-12T00:00:00
db:NVDid:CVE-2017-14269date:2017-09-11T09:29:00.857