CVE-2014-8653

Compal Broadband Networks (CBN) CH6640E/CG6640E Wireless Gateway 1....

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8653. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in CBN CH6640E/CG6640E Wireless Gateway, including authorization bypass via cookie manipulation, DoS via a specific GET request, stored XSS via cookie injection, and CSRF for various configuration changes. The PoC provides clear examples of exploit URLs and payloads.

Description

Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/35075

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in CBN CH6640E/CG6640E Wireless Gateway, including authorization bypass via cookie manipulation, DoS via a specific GET request, stored XSS via cookie injection, and CSRF for various configuration changes. The PoC provides clear examples of exploit URLs and payloads.

Classification

Working Poc 90%

Attack Type

Auth Bypass | Dos | Xss | Csrf | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Compal Broadband Networks CH6640E/CG6640E Wireless Gateway (Firmware CH6640-3.5.11.7-NOSH)

No auth needed

Prerequisites: Network access to the target device · Ability to send HTTP requests to the device

MITRE ATT&CK