CVE-2017-14269

Published: Sep 11, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content.

Affected (1)

Products: Ee: 4gee Wifi Mbb Firmware

1 product

4gee Wifi Mbb Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ee 4gee Wifi Mbb Firmware	Up to ee60_00_05.00_25

Running on/with	Platform Versions
Ee 4gee Wifi Mbb	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://seclists.org/fulldisclosure/2017/Sep/13

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeup

Source: cve@mitre.org

ExploitThird Party Advisory

http://seclists.org/fulldisclosure/2017/Sep/13

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeup

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.