Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-5437

EPSS 0.12% · P30
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-5437

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
ARRIS Touchstone TG862G/CT Telephony Gateway 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Arris Touchstone TG862G/CT Telephony Gateway是美国Arris集团公司的一款Modem(调制解调器)路由器一体机。 使用7.6.59S.CT及之前版本固件的ARRIS Touchstone TG862G/CT Telephony Gateway中存在跨站请求伪造漏洞。远程攻击者可通过向remote_management.php脚本发送请求利用该漏洞开启远程管理;通过向port_forwarding_add.php脚本发送请求利用该漏洞添加端口转发规则;通过向wir
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2014-5437

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2014-5437

Please Login to view more intelligence information

Same Patch Batch · n/a · 2014-12-17 · 18 CVEs total

CVE-2014-9253DokuWiki 跨站脚本漏洞
CVE-2014-8006Cisco ISB8320-E High-Definition IP-Only DVR 安全漏洞
CVE-2014-6182IBM Business Process Manager 目录遍历漏洞
CVE-2014-4844IBM Business Process Manager 安全漏洞
CVE-2014-4626EMC Documentum Content Server 安全漏洞
CVE-2014-8133Linux kernel 信息泄露漏洞
CVE-2014-9322Linux kernel 本地提权漏洞
CVE-2014-7880HP OpenVMS TCP/IP 安全漏洞
CVE-2014-7285Symantec Web Gateway 命令注入漏洞
CVE-2013-7402c-icap Server 拒绝服务漏洞
CVE-2014-5438ARRIS Touchstone TG862G/CT Telephony Gateway 跨站脚本漏洞
CVE-2014-9388MantisBT 安全漏洞
CVE-2014-9387SAP BusinessObjects Edge 权限许可和访问控制漏洞
CVE-2014-8553MantisBT 信息泄露漏洞
CVE-2014-8117file 资源管理错误漏洞
CVE-2014-8116file 资源管理错误漏洞
CVE-2014-7170Puppet Server 竞争条件漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2014-5437

No comments yet

Leave a comment