CVE-2017-14267

HIGH

EE 4GEE WiFi MBB < EE60_00_05.00_31 - CSRF

Title source: llm

Description

EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings.

References (7)

Core 7

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFInternetDCPoC.html

View Exploit ZIP pw:eip

Exploit, Third Party Advisory x_refsource_misc

https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/uploadBinarySettingsCSRFPoC.html

View Exploit ZIP pw:eip

Exploit, Third Party Advisory x_refsource_misc

https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFPocRedirectSMS.html

View Exploit ZIP pw:eip

Exploit, Mailing List, Third Party Advisory x_refsource_misc

http://seclists.org/fulldisclosure/2017/Sep/13

Exploit, Third Party Advisory x_refsource_misc

https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeup

Exploit, Third Party Advisory x_refsource_misc

https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFPocResetDefaults.html

View Exploit ZIP pw:eip

Exploit, Third Party Advisory x_refsource_misc

https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/AddProfileCSRFXSSPoc.html

View Exploit ZIP pw:eip

Scores

CVSS v3 8.8

EPSS 0.0074

EPSS Percentile 49.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (1)

ee/4gee_wifi_mbb_firmware < ee60_00_05.00_25

Published Sep 11, 2017

Tracked Since Feb 18, 2026