CVE-2017-14267

Name: CVE-2017-14267
Creator: NVD / NIST
Published: 2017-09-11T09:29:00.78+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.74%

Last modified Jun 17, 2026

CVE-2017-14267 is a vulnerability of currently unknown severity. EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings.. EPSS estimates a 0.74% chance of exploitation in the next 30 days.

Description

EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings.

Metrics

EPSS Probability

0.74%

50.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-352

Affected Software

Vendor	Product	Versions
Ee	4gee Wifi Mbb Firmware	<= ee60_00_05.00_25

References

http://seclists.org/fulldisclosure/2017/Sep/13Exploit, Mailing List, Third Party Advisory
https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeupExploit, Third Party Advisory
https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/AddProfileCSRFXSSPoc.htmlExploit, Third Party Advisory
https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFInternetDCPoC.htmlExploit, Third Party Advisory
https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFPocRedirectSMS.htmlExploit, Third Party Advisory
https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFPocResetDefaults.htmlExploit, Third Party Advisory
https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/uploadBinarySettingsCSRFPoC.htmlExploit, Third Party Advisory
http://seclists.org/fulldisclosure/2017/Sep/13Exploit, Mailing List, Third Party Advisory
https://blog.jameshemmings.co.uk/2017/08/24/ee-4gee-mobile-wifi-router-multiple-security-vulnerabilities-writeupExploit, Third Party Advisory
https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/AddProfileCSRFXSSPoc.htmlExploit, Third Party Advisory
https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFInternetDCPoC.htmlExploit, Third Party Advisory
https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFPocRedirectSMS.htmlExploit, Third Party Advisory
https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/CSRFPocResetDefaults.htmlExploit, Third Party Advisory
https://github.com/JamesIT/vuln-advisories-/blob/master/EE-4GEE-Multiple-Vulns/CSRF/uploadBinarySettingsCSRFPoC.htmlExploit, Third Party Advisory

Timeline

Published: Sep 11, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-14267?

How severe is CVE-2017-14267?

Severity scoring for CVE-2017-14267 is pending analysis. The EPSS model estimates a 0.74% probability of exploitation in the next 30 days.

How do I fix CVE-2017-14267?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-14267?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST