CVE-2014-8655

Name of the Vulnerable Software and Affected Versions Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway version 1.0 with firmware CH6640-3.5.11.7-NOSH

Description The issue allows remote attackers to bypass authentication and obtain sensitive information by manipulating the userData cookie in requests to specific endpoints, including "CmgwWirelessSecurity.xml", "DocsisConfigFile.xml", "CmgwBasicSetup.xml", "basicDDNS.html", "basicLanUsers.html", and "rootDesc.xml". This can be achieved by setting the userData cookie to either an admin or a root value.

Recommendations For Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway version 1.0 with firmware CH6640-3.5.11.7-NOSH, consider restricting access to the mentioned endpoints as a temporary workaround until a patch is available. Avoid using the userData cookie with admin or root values in requests to these endpoints to minimize the risk of exploitation.