CVE-2014-9431

CVE Database · CVE-2014-9431

CVE-2014-9431

· N/AModified

CVSS v3.1

N/A

EPSS

0.90%

Published

Dec 31, 2014

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi.

Weaknesses (CWE)

CWE-352

Affected Products (2)

smoothwall · smoothwallvulnerable

References (4)

http://packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/99403

http://packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/99403

KEV Catalog EPSS Scores Vendors All CVEs