Sign-up

ID

VAR-201711-0023


CVE

CVE-2014-3150


TITLE

Livebox 1.1 Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2014-008445

DESCRIPTION

Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. Livebox 1.1 Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Livebox is a multifunctional ADSL modem. The product can provide functions such as telephony, Internet access and TV playback. A security vulnerability exists in Livebox version 1.1

Trust: 1.71

sources: NVD: CVE-2014-3150 // JVNDB: JVNDB-2014-008445 // VULHUB: VHN-71089

AFFECTED PRODUCTS

vendor:orangemodel:livebox 1.1scope:eqversion:26014a

Trust: 1.6

vendor:orangemodel:livebox 1.1scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2014-008445 // CNNVD: CNNVD-201711-541 // NVD: CVE-2014-3150

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3150
value: HIGH

Trust: 1.0

NVD: CVE-2014-3150
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-541
value: CRITICAL

Trust: 0.6

VULHUB: VHN-71089
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-3150
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-71089
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-3150
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-71089 // JVNDB: JVNDB-2014-008445 // CNNVD: CNNVD-201711-541 // NVD: CVE-2014-3150

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.9

sources: VULHUB: VHN-71089 // JVNDB: JVNDB-2014-008445 // NVD: CVE-2014-3150

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-541

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-541

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008445

PATCH
title:Top Pageurl:http://www.orange.fr/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-008445

EXTERNAL IDS
db:NVDid:CVE-2014-3150
Trust: 2.5
db:JVNDBid:JVNDB-2014-008445
Trust: 0.8
db:CNNVDid:CNNVD-201711-541
Trust: 0.7
db:VULHUBid:VHN-71089
Trust: 0.1
sources:
            
            
            VULHUB: VHN-71089 // 
            
            
            
            JVNDB: JVNDB-2014-008445 // 
            
            
            
            CNNVD: CNNVD-201711-541 // 
            
            
            
            NVD: CVE-2014-3150

REFERENCES
url:https://archive.fo/tzqpd
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3150
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-3150
Trust: 0.8
sources:
            
            
            VULHUB: VHN-71089 // 
            
            
            
            JVNDB: JVNDB-2014-008445 // 
            
            
            
            CNNVD: CNNVD-201711-541 // 
            
            
            
            NVD: CVE-2014-3150

SOURCES
db:VULHUBid:VHN-71089
db:JVNDBid:JVNDB-2014-008445
db:CNNVDid:CNNVD-201711-541
db:NVDid:CVE-2014-3150

LAST UPDATE DATE
2025-04-20T23:19:45.407000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-71089date:2017-12-05T00:00:00
db:JVNDBid:JVNDB-2014-008445date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201711-541date:2017-11-21T00:00:00
db:NVDid:CVE-2014-3150date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-71089date:2017-11-15T00:00:00
db:JVNDBid:JVNDB-2014-008445date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201711-541date:2017-11-21T00:00:00
db:NVDid:CVE-2014-3150date:2017-11-15T18:29:00.327