CVE-2014-10019

Teracom T2-B-Gawv1.4U10Y-BI - Cross-Site Request Forgery in WLAN Country Settings

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-10019. PoCs published by Rakesh S.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Teracom T2-B-Gawv1.4U10Y-BI modems, allowing an attacker to trick an authenticated administrator into changing the SSID and password via a crafted link.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID or (2) change the password via a crafted request.

Exploits (1)

exploitdb WORKING POC

by Rakesh S · textwebappshardware

https://www.exploit-db.com/exploits/32943

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in Teracom T2-B-Gawv1.4U10Y-BI modems, allowing an attacker to trick an authenticated administrator into changing the SSID and password via a crafted link.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Teracom T2-B-Gawv1.4U10Y-BI

Auth required

Prerequisites: Victim must be authenticated as an administrator · Victim must visit the crafted link

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/32943

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/92715

Scores

EPSS 0.0126

EPSS Percentile 65.8%

Details

CWE

CWE-352

Status published

Products (1)

teracom/t2-b-gawv1.4u10y-bi

Published Jan 13, 2015

Tracked Since Feb 18, 2026