VYPR
Vendor

Compal Broadband Networks

Products
4
CVEs
10
Across products
23
Status
Private

Products

4

Recent CVEs

10
  • CVE-2026-7414CriMay 7, 2026
    risk 0.64cvss 9.8epss 0.01

    Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management…

  • CVE-2014-8657Nov 6, 2014
    risk 0.04cvss epss 0.07

    The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via a request to wirelessChannelStatus.html.

  • CVE-2014-8656Nov 6, 2014
    risk 0.04cvss epss 0.11

    The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to…

  • CVE-2014-8655Nov 6, 2014
    risk 0.04cvss epss 0.07

    The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1)…

  • CVE-2014-8654Nov 6, 2014
    risk 0.03cvss epss 0.03

    Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have…

  • CVE-2014-8653Nov 6, 2014
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie.

  • CVE-2022-26447Sep 6, 2022
    risk 0.00cvss epss 0.01

    In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784478; Issue ID: ALPS06784478.

  • CVE-2021-27418Mar 23, 2022
    risk 0.00cvss epss 0.01

    GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server…

  • CVE-2020-9529Aug 10, 2020
    risk 0.00cvss epss 0.03

    Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from a privilege escalation vulnerability that allows attackers on the local network to reset the device's administrator…

  • CVE-2020-9528Aug 10, 2020
    risk 0.00cvss epss 0.01

    Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from cryptographic issues that allow remote attackers to access user session data, as demonstrated by eavesdropping on…