{"api_version":"1","generated_at":"2026-05-01T23:25:52+00:00","cve":"CVE-2014-9027","urls":{"html":"https://cve.report/CVE-2014-9027","api":"https://cve.report/api/cve/CVE-2014-9027.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-9027","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-9027"},"summary":{"title":"CVE-2014-9027","description":"Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2014-11-20 17:50:00","updated_at":"2017-09-08 01:29:00"},"problem_types":["CWE-352"],"metrics":[],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/98590","name":"zte831cii-accesslocal-csrf(98590)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/129041","name":"http://packetstormsecurity.com/files/129041","refsource":"MISC","tags":["Exploit"],"title":"ZXDSL 831CII Cross Site Request Forgery ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-9027","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9027","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"9027","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zteusa","cpe5":"zxdsl_831cii","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"9027","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zteusa","cpe5":"zxdsl_831cii","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2014-9027","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"zte831cii-accesslocal-csrf(98590)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/98590"},{"name":"http://packetstormsecurity.com/files/129041","refsource":"MISC","url":"http://packetstormsecurity.com/files/129041"}]}},"nvd":{"publishedDate":"2014-11-20 17:50:00","lastModifiedDate":"2017-09-08 01:29:00","problem_types":["CWE-352"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:zteusa:zxdsl_831cii:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"9027","Ordinal":"76366","Title":"CVE-2014-9027","CVE":"CVE-2014-9027","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"9027","Ordinal":"1","NoteData":"Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the (1) enblftp, (2) enblhttp, (3) enblsnmp, (4) enbltelnet, (5) enbltftp, (6) enblicmp, or (7) enblssh parameter to accesslocal.cmd.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"9027","Ordinal":"2","NoteData":"2014-11-20","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"9027","Ordinal":"3","NoteData":"2017-09-07","Type":"Other","Title":"Modified"}]}}}