How severe is CVE-2014-8654?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2014-8654?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2014-8654 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html.

Related Vulnerabilities

CVE-2017-5145

CRITICAL

CVSS:10.0(Critical)

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulne...

CWE-3522017

CVE-2019-3809

CRITICAL

CVSS:10.0(Critical)

A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Bad...

CWE-3522019

CVE-2025-23922

CRITICAL

CVSS:10.0(Critical)

Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through 1.0.

CWE-3522025

CVE-2025-32642

CRITICAL

CVSS:10.0(Critical)

Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7.

CWE-3522025

CVE-2018-1712

CRITICAL

CVSS:9.9(Critical)

IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentia...

CWE-3522018

CVE-2016-9866

CRITICAL

CVSS:9.8(Critical)

An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4...

CWE-3522016