PT-2014-8660 · Compal Broadband Networks · Ch6640E+1
Gjoko Krstic · Published 2014-11-06 · Updated 2017-09-08 · CVE-2014-8654
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware version 1.0 with firmware CH6640-3.5.11.7-NOSH
Description
The issue affects administrator authentication: a remote attacker can hijack an authenticated administrator's session to make various requests on their behalf (cross-site request forgery). Such requests can change the DDNS configuration via a request to "basicDDNS.html", change the Wi-Fi password via the psKey parameter to "setWirelessSecurity.html", add a static MAC address via the MacAddress parameter in an "add static" action to "setBasicDHCP1.html", or enable or disable UPnP via the UPnP parameter in an "apply" action to "setAdvancedOptions.html".
Recommendations
For Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware version 1.0 with firmware CH6640-3.5.11.7-NOSH, consider disabling access to "basicDDNS.html", "setWirelessSecurity.html", "setBasicDHCP1.html", and "setAdvancedOptions.html" until a patch is available to prevent exploitation.
As a temporary workaround, restrict the use of the psKey, MacAddress, and UPnP parameters in the respective API endpoints to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
CSRF
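The recommendations above reduce exposure of the four pages until a fix exists; the actual fix for a CSRF flaw of this kind is to make the device verify that each state-changing request was submitted from its own interface. The Python sketch below is added here for illustration and is not taken from the advisory or from the vendor's firmware. It shows the unprotected handler beside a hardened one that requires POST, a same-origin Origin/Referer header, and a per-session synchronizer token. The gateway address 192.168.0.1, the cookie and header names, the server key and the request objects are all constructed assumptions; only the page names and the psKey parameter come from the advisory.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Hypothetical gateway address used for the Origin/Referer check (not stated in the advisory).
DEVICE_HOST = "192.168.0.1"

# State-changing pages named in the advisory; each one needs CSRF protection.
STATE_CHANGING_PAGES = {
    "basicDDNS.html",
    "setWirelessSecurity.html",
    "setBasicDHCP1.html",
    "setAdvancedOptions.html",
}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as the admin interface would see it."""
    path: str
    method: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


class SessionStore:
    """Tracks logged-in administrator sessions and derives a per-session CSRF token."""

    def __init__(self, server_key: bytes):
        self._key = server_key
        self._sessions: set = set()

    def login(self) -> str:
        sid = secrets.token_hex(16)
        self._sessions.add(sid)
        return sid

    def is_valid(self, sid) -> bool:
        return sid is not None and sid in self._sessions

    def csrf_token(self, sid: str) -> str:
        # Synchronizer token: HMAC of the session id under a server-side key. The firmware
        # would embed it in every configuration form as a hidden field.
        return hmac.new(self._key, sid.encode(), hashlib.sha256).hexdigest()


def vulnerable_handler(store: SessionStore, req: Request) -> int:
    """Flaw class from the advisory: only the session cookie is checked, and the browser
    attaches that cookie on its own, so a request triggered from another site is accepted."""
    if not store.is_valid(req.cookies.get("session")):
        return 403
    return 200


def hardened_handler(store: SessionStore, req: Request) -> int:
    """Same endpoint with CSRF defences: POST only, same-origin Origin/Referer, and a
    synchronizer token that a page on another origin cannot read."""
    sid = req.cookies.get("session")
    if not store.is_valid(sid):
        return 403
    if req.path in STATE_CHANGING_PAGES:
        if req.method != "POST":
            return 405
        origin = req.headers.get("Origin") or req.headers.get("Referer")
        if origin is None or urlparse(origin).hostname != DEVICE_HOST:
            return 403  # fail closed when no origin information is present
        supplied = req.form.get("csrf_token", "")
        if not hmac.compare_digest(store.csrf_token(sid), supplied):
            return 403
    return 200


def demo() -> dict:
    """Runs a constructed cross-site request and a legitimate one through both handlers."""
    store = SessionStore(secrets.token_bytes(32))
    sid = store.login()
    # Cross-site request: the cookie is present (added by the browser), but the submitting
    # page lives on another origin and holds no valid token.
    forged = Request(
        path="setWirelessSecurity.html", method="POST",
        cookies={"session": sid},
        headers={"Origin": "http://other-site.example"},
        form={"psKey": "newpassphrase"},
    )
    # Legitimate request submitted from the device's own configuration page.
    legitimate = Request(
        path="setWirelessSecurity.html", method="POST",
        cookies={"session": sid},
        headers={"Origin": f"http://{DEVICE_HOST}"},
        form={"psKey": "newpassphrase", "csrf_token": store.csrf_token(sid)},
    )
    return {
        "vulnerable_forged": vulnerable_handler(store, forged),
        "hardened_forged": hardened_handler(store, forged),
        "vulnerable_legit": vulnerable_handler(store, legitimate),
        "hardened_legit": hardened_handler(store, legitimate),
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the cross-site request accepted by the vulnerable handler (200) and rejected by the hardened one (403), while the legitimate request passes both. The token is the primary control: browsers sometimes omit Referer and older clients omit Origin, so the header check is a second layer that must fail closed, as here, rather than accept a request carrying no origin information.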
Affected Products
Cg6640E
Ch6640E