High severity7.8NVD Advisory· Published Sep 26, 2018· Updated Jun 17, 2026

CVE-2018-14327

Description

The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Ee/EE40VBllm-create
Range: before EE40_00_02.00_45
Alcatel Lucent/OSPREY3_MINI Modemllm-fuzzy
Range: before EE40_00_02.00_45

Patches

Vulnerability mechanics

References

blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.htmlnvdExploitPatch
packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.htmlnvdExploitThird Party AdvisoryVDB Entry
osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/nvdExploitPatchTechnical DescriptionThird Party Advisory
www.exploit-db.com/exploits/45501/nvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/105385nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000