CVE-2014-4976

Published: Jul 16, 2014Modified: May 6, 2026

5.5

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability: 8.0 / Impact: 4.9

Source: NVD

Description

Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi.

Affected (1)

Products: Sonicwall: Scrutinizer

Sonicwall

1 product

Scrutinizer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sonicwall Scrutinizer	Version 11.0.1

Related CWEs

CWE-264

References (12)

http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2014/Jul/44

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/68495

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/94438

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://gist.github.com/brandonprry/36b4b8df1cde279a9305

Source: cve@mitre.org

Third Party Advisory

https://gist.github.com/brandonprry/76741d9a0d4f518fe297

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/127429/Dell-Sonicwall-Scrutinizer-11.01-Code-Execution-SQL-Injection.html