Vulnerabilities > EE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-30 | CVE-2018-10532 | Use of Hard-coded Credentials vulnerability in EE 4Gee Firmware Hh70E102.0019 An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. | 8.8 |
| 2018-09-26 | CVE-2018-14327 | Incorrect Permission Assignment for Critical Resource vulnerability in EE Ee40Vb Firmware Ee40000.20045 The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory. | 7.8 |
| 2017-09-11 | CVE-2017-14269 | Information Exposure vulnerability in EE 4Gee Wifi MBB Firmware Ee600005.0025 EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. | 9.8 |
| 2017-09-11 | CVE-2017-14268 | Cross-site Scripting vulnerability in EE 4Gee Wifi MBB Firmware Ee600005.0025 EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request. | 6.1 |
| 2017-09-11 | CVE-2017-14267 | Cross-Site Request Forgery (CSRF) vulnerability in EE 4Gee Wifi MBB Firmware Ee600005.0025 EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings. | 8.8 |