Vulnerabilities > EE

DATE CVE VULNERABILITY TITLE RISK
2018-10-30 CVE-2018-10532 Use of Hard-coded Credentials vulnerability in EE 4Gee Firmware Hh70E102.0019
An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices.
low complexity
ee CWE-798
8.3
2018-09-26 CVE-2018-14327 Incorrect Permission Assignment for Critical Resource vulnerability in EE Ee40Vb Firmware
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.
network
ee CWE-732
critical
9.3
2017-09-11 CVE-2017-14269 Information Exposure vulnerability in EE 4Gee Wifi MBB Firmware
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content.
network
low complexity
ee CWE-200
5.0
2017-09-11 CVE-2017-14268 Cross-site Scripting vulnerability in EE 4Gee Wifi MBB Firmware
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request.
network
ee CWE-79
4.3
2017-09-11 CVE-2017-14267 Cross-Site Request Forgery (CSRF) vulnerability in EE 4Gee Wifi MBB Firmware
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings.
network
ee CWE-352
6.8