Vulnerability Details : CVE-2014-9027
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2014-9027
- cpe:2.3:h:zteusa:zxdsl_831cii:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-9027
- 0.16%: Probability of exploitation activity in the next 30 days
- ~51%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-9027
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2014-9027
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-9027
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98590
  ZTE 831CII accesslocal.cmd cross-site request forgery CVE-2014-9027 Vulnerability Report
- http://packetstormsecurity.com/files/129041
  ZXDSL 831CII Cross Site Request Forgery ≈ Packet Storm (Exploit)