CVE-2014-2849
Sophos Web Appliance Firmware < 3.8.1.1 - Access Control
Title source: ruleDescription
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremoteunix
https://www.exploit-db.com/exploits/32789
metasploit
WORKING POC
EXCELLENT
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/sophos_wpa_iface_exec.rb
References (5)
Scores
EPSS
0.7648
EPSS Percentile
98.9%
Details
CWE
CWE-264
Status
published
Products (50)
sophos/web_appliance
sophos/web_appliance_firmware
3.7.8
sophos/web_appliance_firmware
3.0.0
sophos/web_appliance_firmware
3.0.1
sophos/web_appliance_firmware
3.0.1.1
sophos/web_appliance_firmware
3.0.2
sophos/web_appliance_firmware
3.0.3
sophos/web_appliance_firmware
3.0.4
sophos/web_appliance_firmware
3.0.5
sophos/web_appliance_firmware
3.0.5.1
... and 40 more
Published
Apr 11, 2014
Tracked Since
Feb 18, 2026