CVE-2014-8656

Compal Broadband Networks CH6640E/CG6640E Wireless Gateway 1.0 - In...

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8656. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in CBN CH6640E/CG6640E Wireless Gateway, including authorization bypass via cookie manipulation, DoS via a specific GET request, stored XSS via cookie injection, and CSRF for various configuration changes. The PoC provides clear examples of exploit URLs and payloads.

Description

The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/35075

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in CBN CH6640E/CG6640E Wireless Gateway, including authorization bypass via cookie manipulation, DoS via a specific GET request, stored XSS via cookie injection, and CSRF for various configuration changes. The PoC provides clear examples of exploit URLs and payloads.

Classification

Working Poc 90%

Attack Type

Auth Bypass | Dos | Xss | Csrf | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Compal Broadband Networks CH6640E/CG6640E Wireless Gateway (Firmware CH6640-3.5.11.7-NOSH)

No auth needed

Prerequisites: Network access to the target device · Ability to send HTTP requests to the device

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5203.php

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/35075

Exploit x_refsource_misc

http://packetstormsecurity.com/files/128860/CBN-CH6640E-CG6640E-Wireless-Gateway-XSS-CSRF-DoS-Disclosure.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/show/osvdb/113836

Scores

EPSS 0.1085

EPSS Percentile 95.3%

Details

CWE

CWE-255

Status published

Products (3)

compal_broadband_networks/cg6640e_wireless_gateway 1.0

compal_broadband_networks/ch664oe_wireless_gateway 1.0

compal_broadband_networks/firmware ch6640-3.5.11.7-nosh

Published Nov 06, 2014

Tracked Since Feb 18, 2026