← Back

CVE-2015-6023

nvd nist
Published: Feb 9, 2017Modified: May 13, 2026

JSON object

Loading...
7.3
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 / Impact: 3.4
Source: NVD

Description

ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands.

Affected (1)

Netcommwireless
1 product
Hspa 3g10wve Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hspa 3g10wve Firmware
Version 3g10wve-l101-s306ets-c01_r03
Running on/withPlatform Versions
Netcommwireless
Hspa 3g10wve
All versions

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (14)

Source: cret@cert.org
ExploitThird Party AdvisoryVDB Entry
Source: cret@cert.org
ExploitMailing ListThird Party Advisory
Source: cret@cert.org
Mailing ListThird Party Advisory
Source: cret@cert.org
Source: cret@cert.org
Source: cret@cert.org
Third Party AdvisoryVDB Entry
Source: cret@cert.org
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.