CBN CH6640E/CG6640E Wireless Gateway Series Multiple Vulnerabilities
Title: CBN CH6640E/CG6640E Wireless Gateway Series Multiple Vulnerabilities
Advisory ID: ZSL-2014-5203
Type: Local/Remote
Impact: Security Bypass, Exposure of Sensitive Information, Cross-Site Scripting, DoS
Risk: (3/5)
Release Date: 25.10.2014
Hardware version: 1.0
Firmware version: CH6640-3.5.11.7-NOSH
Boot version: PSPU-Boot(BBU) 1.0.19.25m1-CBN01
DOCSIS mode: DOCSIS 3.0
[2] http://www.exploit-db.com/exploits/35075/
[3] http://osvdb.org/show/osvdb/113836
[4] http://osvdb.org/show/osvdb/113837
[5] http://osvdb.org/show/osvdb/113838
[6] http://osvdb.org/show/osvdb/113839
[7] http://osvdb.org/show/osvdb/113840
[8] http://osvdb.org/show/osvdb/113841
[9] http://osvdb.org/show/osvdb/113842
[10] http://osvdb.org/show/osvdb/113843
[11] http://packetstormsecurity.com/files/128860
[12] http://www.securityfocus.com/bid/70762
[13] http://xforce.iss.net/xforce/xfdb/98328
[14] http://xforce.iss.net/xforce/xfdb/98329
[15] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8653
[16] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8654
[17] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8655
[18] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8656
[19] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8657
[20] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8653
[21] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8654
[22] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8655
[23] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8656
[24] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8657
[28.10.2014] - Added reference [1], [2], [3], [4], [5], [6], [7], [8], [9], [10], [11] and [12]
[30.10.2014] - Added reference [13] and [14]
[07.11.2014] - Added reference [15], [16], [17], [18], [19], [20], [21], [22], [23] and [24]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2014-5203
Type: Local/Remote
Impact: Security Bypass, Exposure of Sensitive Information, Cross-Site Scripting, DoS
Risk: (3/5)
Release Date: 25.10.2014
Summary
The CBN CH6640E/CG6640E Wireless Gateway is designed for your home, home office, or small business/enterprise. It can be used in households with one or more computers capable of wireless connectivity for remote access to the wireless gateway.Description
The CBN modem gateway suffers from multiple vulnerabilities including authorization bypass information disclosure, stored XSS, CSRF and denial of service.Vendor
Compal Broadband Networks (CBN), Inc. - http://www.icbn.com.twAffected Version
Model: CH6640 and CH6640EHardware version: 1.0
Firmware version: CH6640-3.5.11.7-NOSH
Boot version: PSPU-Boot(BBU) 1.0.19.25m1-CBN01
DOCSIS mode: DOCSIS 3.0
Tested On
Compal Broadband Networks, Inc/Linux/2.6.39.3 UPnP/1.1 MiniUPnPd/1.7Vendor Status
N/APoC
cbn_mv.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://cxsecurity.com/issue/WLB-2014100162[2] http://www.exploit-db.com/exploits/35075/
[3] http://osvdb.org/show/osvdb/113836
[4] http://osvdb.org/show/osvdb/113837
[5] http://osvdb.org/show/osvdb/113838
[6] http://osvdb.org/show/osvdb/113839
[7] http://osvdb.org/show/osvdb/113840
[8] http://osvdb.org/show/osvdb/113841
[9] http://osvdb.org/show/osvdb/113842
[10] http://osvdb.org/show/osvdb/113843
[11] http://packetstormsecurity.com/files/128860
[12] http://www.securityfocus.com/bid/70762
[13] http://xforce.iss.net/xforce/xfdb/98328
[14] http://xforce.iss.net/xforce/xfdb/98329
[15] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8653
[16] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8654
[17] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8655
[18] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8656
[19] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-8657
[20] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8653
[21] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8654
[22] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8655
[23] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8656
[24] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8657
Changelog
[25.10.2014] - Initial release[28.10.2014] - Added reference [1], [2], [3], [4], [5], [6], [7], [8], [9], [10], [11] and [12]
[30.10.2014] - Added reference [13] and [14]
[07.11.2014] - Added reference [15], [16], [17], [18], [19], [20], [21], [22], [23] and [24]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
