CVE-2014-9019

{"id": "CVE-2014-9019", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-11-20T17:50:07.847", "references": [{"url": "http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/533930/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/70984", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98585", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/129016/ZTE-831CII-Hardcoded-Credential-XSS-CSRF.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/533930/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/70984", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98585", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin user name or (2) conduct cross-site scripting (XSS) attacks via the sysUserName parameter in a save action to adminpasswd.cgi or (3) change the admin user password via the sysPassword parameter in a save action to adminpasswd.cgi."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de CSRF en ZTE ZXDSL 831CII permiten a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para solicitudes que (1) cambian el nombre del usuario administrador o (2) realizan ataques XSS a trav\u00e9s del par\u00e1metro sysUserName en una acci\u00f3n save (guardar) en adminpasswd.cgi o (3) cambian la contrase\u00f1a del usuario de administraci\u00f3n a trav\u00e9s del par\u00e1metro sysPassword en una acci\u00f3n save (guardar) en adminpasswd.cgi."}], "lastModified": "2024-11-21T02:20:06.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:zxdsl:831cii:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F26FA0A8-6EE1-496B-AF64-66302B8A91A2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}