Search criteria
12 vulnerabilities found for c54apm by conceptronic
VAR-201401-0501
Vulnerability from variot - Updated: 2025-04-11 23:16Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. (1) goform/formWlSiteSurvey of Refresh In action submit-url Parameters (2) goform/formWlanSetup of wlan-url Parameters. The Conceptronic C54APM is a wireless AP device. The Openron redirection vulnerability exists in Conceptronic C54APM. A remote attacker can provide the 'submit-url' parameter in the Refresh operation to the goform/formWlSiteSurvey page or the 'wlan-url' parameter to the goform/formWlanSetup page. The attacker can use the vulnerability to redirect the user to any website and then implement the phishing. attack. Conceptronic C54APM 2.0 is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can leverage these issues by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. Conceptronic C54APM 2.0 running firmware 1.26 is vulnerable. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0501",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c54apm",
"scope": "eq",
"trust": 1.6,
"vendor": "conceptronic",
"version": "1.26"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 1.0,
"vendor": "conceptronic",
"version": "v2"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 0.9,
"vendor": "conceptronic",
"version": "2.01.26"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 0.8,
"vendor": "conceptronic",
"version": "runtime code 1.26"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00259"
},
{
"db": "BID",
"id": "64794"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001033"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-153"
},
{
"db": "NVD",
"id": "CVE-2014-1405"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:conceptronic:c54apm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001033"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Antonio V\u00e1zquez Blanco",
"sources": [
{
"db": "BID",
"id": "64794"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1405",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1405",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-00259",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-69344",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1405",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-1405",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00259",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-153",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-69344",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00259"
},
{
"db": "VULHUB",
"id": "VHN-69344"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001033"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-153"
},
{
"db": "NVD",
"id": "CVE-2014-1405"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. (1) goform/formWlSiteSurvey of Refresh In action submit-url Parameters (2) goform/formWlanSetup of wlan-url Parameters. The Conceptronic C54APM is a wireless AP device. The Openron redirection vulnerability exists in Conceptronic C54APM. A remote attacker can provide the \u0027submit-url\u0027 parameter in the Refresh operation to the goform/formWlSiteSurvey page or the \u0027wlan-url\u0027 parameter to the goform/formWlanSetup page. The attacker can use the vulnerability to redirect the user to any website and then implement the phishing. attack. Conceptronic C54APM 2.0 is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. \nAn attacker can leverage these issues by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. \nConceptronic C54APM 2.0 running firmware 1.26 is vulnerable. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1405"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001033"
},
{
"db": "CNVD",
"id": "CNVD-2014-00259"
},
{
"db": "BID",
"id": "64794"
},
{
"db": "VULHUB",
"id": "VHN-69344"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1405",
"trust": 3.4
},
{
"db": "OSVDB",
"id": "101917",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "101916",
"trust": 1.1
},
{
"db": "BID",
"id": "64794",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001033",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-153",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00259",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-69344",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00259"
},
{
"db": "VULHUB",
"id": "VHN-69344"
},
{
"db": "BID",
"id": "64794"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001033"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-153"
},
{
"db": "NVD",
"id": "CVE-2014-1405"
}
]
},
"id": "VAR-201401-0501",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00259"
},
{
"db": "VULHUB",
"id": "VHN-69344"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00259"
}
]
},
"last_update_date": "2025-04-11T23:16:35.527000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Conceptronic C54APM Version 2.0 Quick Installation Guide",
"trust": 0.8,
"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf"
},
{
"title": "C54APM",
"trust": 0.8,
"url": "http://www.conceptronic.net/es/download_list.php?stype=3\u0026productid=341"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001033"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69344"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001033"
},
{
"db": "NVD",
"id": "CVE-2014-1405"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://antoniovazquezblanco.github.io/docs/advisories/advisory_c54apm_multiple.pdf"
},
{
"trust": 1.1,
"url": "http://osvdb.org/101916"
},
{
"trust": 1.1,
"url": "http://osvdb.org/101917"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1405"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1405"
},
{
"trust": 0.3,
"url": "http://www.conceptronic.net/es/download_list.php?stype=3\u0026productid=341"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00259"
},
{
"db": "VULHUB",
"id": "VHN-69344"
},
{
"db": "BID",
"id": "64794"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001033"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-153"
},
{
"db": "NVD",
"id": "CVE-2014-1405"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00259"
},
{
"db": "VULHUB",
"id": "VHN-69344"
},
{
"db": "BID",
"id": "64794"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001033"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-153"
},
{
"db": "NVD",
"id": "CVE-2014-1405"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00259"
},
{
"date": "2014-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-69344"
},
{
"date": "2014-01-09T00:00:00",
"db": "BID",
"id": "64794"
},
{
"date": "2014-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001033"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-153"
},
{
"date": "2014-01-10T16:47:06.130000",
"db": "NVD",
"id": "CVE-2014-1405"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00259"
},
{
"date": "2015-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-69344"
},
{
"date": "2014-01-09T00:00:00",
"db": "BID",
"id": "64794"
},
{
"date": "2014-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001033"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-153"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2014-1405"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-153"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Conceptronic C54APM Access point open redirect vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001033"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-153"
}
],
"trust": 0.6
}
}
VAR-201401-0503
Vulnerability from variot - Updated: 2025-04-11 23:16Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. (1) goform/formWlSiteSurvey of Refresh action of submit-url Parameters (2) goform/formWlanSetup of wlan-url Parameters. The Conceptronic C54APM is a wireless AP device. A cross-site scripting vulnerability exists in the Conceptronic C54APM device. The \342\200\230wlan-url\342\200\231 parameter was not properly filtered because the goform/formWlSiteSurvey page failed to properly filter the \342\200\230submit-url\342\200\231 parameter in the Refresh operation and the goform/formWlanSetup script. Conceptronic C54APM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Conceptronic C54APM 2.0 running firmware 1.26 is vulnerable; other versions may be affected. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0503",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c54apm",
"scope": "eq",
"trust": 1.6,
"vendor": "conceptronic",
"version": "1.26"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 1.0,
"vendor": "conceptronic",
"version": "v2"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 0.9,
"vendor": "conceptronic",
"version": "2.01.26"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 0.8,
"vendor": "conceptronic",
"version": "runtime code 1.26"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "BID",
"id": "64793"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
},
{
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:conceptronic:c54apm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Antonio V\u00e1zquez Blanco",
"sources": [
{
"db": "BID",
"id": "64793"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1407",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1407",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-00257",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-69346",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1407",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-1407",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00257",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-155",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-69346",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "VULHUB",
"id": "VHN-69346"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
},
{
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. (1) goform/formWlSiteSurvey of Refresh action of submit-url Parameters (2) goform/formWlanSetup of wlan-url Parameters. The Conceptronic C54APM is a wireless AP device. A cross-site scripting vulnerability exists in the Conceptronic C54APM device. The \\342\\200\\230wlan-url\\342\\200\\231 parameter was not properly filtered because the goform/formWlSiteSurvey page failed to properly filter the \\342\\200\\230submit-url\\342\\200\\231 parameter in the Refresh operation and the goform/formWlanSetup script. Conceptronic C54APM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. \nConceptronic C54APM 2.0 running firmware 1.26 is vulnerable; other versions may be affected. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1407"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "BID",
"id": "64793"
},
{
"db": "VULHUB",
"id": "VHN-69346"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1407",
"trust": 3.4
},
{
"db": "OSVDB",
"id": "101919",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "101921",
"trust": 1.1
},
{
"db": "BID",
"id": "64793",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-155",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00257",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-69346",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "VULHUB",
"id": "VHN-69346"
},
{
"db": "BID",
"id": "64793"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
},
{
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"id": "VAR-201401-0503",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "VULHUB",
"id": "VHN-69346"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
}
]
},
"last_update_date": "2025-04-11T23:16:35.493000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Conceptronic C54APM Version 2.0 Quick Installation Guide",
"trust": 0.8,
"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf"
},
{
"title": "C54APM",
"trust": 0.8,
"url": "http://www.conceptronic.net/es/download_list.php?stype=3\u0026productid=341"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69346"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://antoniovazquezblanco.github.io/docs/advisories/advisory_c54apm_multiple.pdf"
},
{
"trust": 1.1,
"url": "http://osvdb.org/101919"
},
{
"trust": 1.1,
"url": "http://osvdb.org/101921"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1407"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1407"
},
{
"trust": 0.3,
"url": "http://www.conceptronic.net/es/download_list.php?stype=3\u0026productid=341"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "VULHUB",
"id": "VHN-69346"
},
{
"db": "BID",
"id": "64793"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
},
{
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "VULHUB",
"id": "VHN-69346"
},
{
"db": "BID",
"id": "64793"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
},
{
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"date": "2014-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-69346"
},
{
"date": "2014-01-09T00:00:00",
"db": "BID",
"id": "64793"
},
{
"date": "2014-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-155"
},
{
"date": "2014-01-10T16:47:06.193000",
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"date": "2015-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-69346"
},
{
"date": "2014-01-09T00:00:00",
"db": "BID",
"id": "64793"
},
{
"date": "2014-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-155"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Conceptronic C54APM Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
}
],
"trust": 0.6
}
}
VAR-201401-0502
Vulnerability from variot - Updated: 2025-04-11 22:55CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action. The Conceptronic C54APM is a wireless AP device. The Conceptronic C54APM has an HTTP response split vulnerability. The goform/formWlSiteSurvey page failed to properly filter the \342\200\230submit-url\342\200\231 parameter in the Refresh operation. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust. Conceptronic C54APM 2.0 running firmware 1.26 is vulnerable. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company. There is a CRLF injection vulnerability in the Conceptronic C54APM device using the Runtime Code 1.26 accessor
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0502",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c54apm",
"scope": "eq",
"trust": 1.6,
"vendor": "conceptronic",
"version": "1.26"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 1.0,
"vendor": "conceptronic",
"version": "v2"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 0.9,
"vendor": "conceptronic",
"version": "2.01.26"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 0.8,
"vendor": "conceptronic",
"version": "runtime code 1.26"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"db": "BID",
"id": "64785"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-154"
},
{
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:conceptronic:c54apm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Antonio V\u00e1zquez Blanco",
"sources": [
{
"db": "BID",
"id": "64785"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1406",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1406",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-00258",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-69345",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1406",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-1406",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00258",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-154",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-69345",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"db": "VULHUB",
"id": "VHN-69345"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-154"
},
{
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action. The Conceptronic C54APM is a wireless AP device. The Conceptronic C54APM has an HTTP response split vulnerability. The goform/formWlSiteSurvey page failed to properly filter the \\342\\200\\230submit-url\\342\\200\\231 parameter in the Refresh operation. \nAttackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust. \nConceptronic C54APM 2.0 running firmware 1.26 is vulnerable. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company. There is a CRLF injection vulnerability in the Conceptronic C54APM device using the Runtime Code 1.26 accessor",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1406"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"db": "BID",
"id": "64785"
},
{
"db": "VULHUB",
"id": "VHN-69345"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1406",
"trust": 3.4
},
{
"db": "BID",
"id": "64785",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-154",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00258",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-69345",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"db": "VULHUB",
"id": "VHN-69345"
},
{
"db": "BID",
"id": "64785"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-154"
},
{
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"id": "VAR-201401-0502",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"db": "VULHUB",
"id": "VHN-69345"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00258"
}
]
},
"last_update_date": "2025-04-11T22:55:48.817000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Conceptronic C54APM Version 2.0 Quick Installation Guide",
"trust": 0.8,
"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf"
},
{
"title": "C54APM",
"trust": 0.8,
"url": "http://www.conceptronic.net/es/download_list.php?stype=3\u0026productid=341"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69345"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://antoniovazquezblanco.github.io/docs/advisories/advisory_c54apm_multiple.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1406"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1406"
},
{
"trust": 0.3,
"url": "http://www.conceptronic.net/es/download_list.php?stype=3\u0026productid=341"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"db": "VULHUB",
"id": "VHN-69345"
},
{
"db": "BID",
"id": "64785"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-154"
},
{
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"db": "VULHUB",
"id": "VHN-69345"
},
{
"db": "BID",
"id": "64785"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-154"
},
{
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"date": "2014-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-69345"
},
{
"date": "2014-01-09T00:00:00",
"db": "BID",
"id": "64785"
},
{
"date": "2014-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-154"
},
{
"date": "2014-01-10T16:47:06.160000",
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"date": "2014-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-69345"
},
{
"date": "2014-01-09T00:00:00",
"db": "BID",
"id": "64785"
},
{
"date": "2014-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-154"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-154"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Conceptronic C54APM Access point goform/formWlSiteSurvey In CRLF Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-154"
}
],
"trust": 0.6
}
}
VAR-201401-0504
Vulnerability from variot - Updated: 2025-04-11 22:53The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks. The Conceptronic C54APM is a wireless AP device. The Conceptronic C54APM has an unsafe default password vulnerability. Because the program uses the default password for the management account. Conceptronic C54APM 2.0 is prone to an insecure-default-password vulnerability. Conceptronic C54APM 2.0 running firmware 1.26 is vulnerable. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company. There is a trust management vulnerability in the Conceptronic C54APM device using the Runtime Code 1.26 accessor
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0504",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c54apm",
"scope": "eq",
"trust": 1.6,
"vendor": "conceptronic",
"version": "1.26"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 1.0,
"vendor": "conceptronic",
"version": "v2"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 0.9,
"vendor": "conceptronic",
"version": "2.01.26"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 0.8,
"vendor": "conceptronic",
"version": "runtime code 1.26"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"db": "BID",
"id": "64790"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-156"
},
{
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:conceptronic:c54apm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Antonio V\u00e1zquez Blanco",
"sources": [
{
"db": "BID",
"id": "64790"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1408",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-1408",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00256",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-69347",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1408",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-1408",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-00256",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-156",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-69347",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"db": "VULHUB",
"id": "VHN-69347"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-156"
},
{
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks. The Conceptronic C54APM is a wireless AP device. The Conceptronic C54APM has an unsafe default password vulnerability. Because the program uses the default password for the management account. Conceptronic C54APM 2.0 is prone to an insecure-default-password vulnerability. \nConceptronic C54APM 2.0 running firmware 1.26 is vulnerable. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company. There is a trust management vulnerability in the Conceptronic C54APM device using the Runtime Code 1.26 accessor",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1408"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"db": "BID",
"id": "64790"
},
{
"db": "VULHUB",
"id": "VHN-69347"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1408",
"trust": 3.4
},
{
"db": "BID",
"id": "64790",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-156",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00256",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-69347",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"db": "VULHUB",
"id": "VHN-69347"
},
{
"db": "BID",
"id": "64790"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-156"
},
{
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"id": "VAR-201401-0504",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"db": "VULHUB",
"id": "VHN-69347"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00256"
}
]
},
"last_update_date": "2025-04-11T22:53:07.391000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Conceptronic C54APM Version 2.0 Quick Installation Guide",
"trust": 0.8,
"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf"
},
{
"title": "C54APM",
"trust": 0.8,
"url": "http://www.conceptronic.net/es/download_list.php?stype=3\u0026productid=341"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69347"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://antoniovazquezblanco.github.io/docs/advisories/advisory_c54apm_multiple.pdf"
},
{
"trust": 1.7,
"url": "http://download.conceptronic.net/manuals/c04-058_c54apm_v2.0_quick_guide_ml.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1408"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1408"
},
{
"trust": 0.3,
"url": "http://www.conceptronic.net/es/download_list.php?stype=3\u0026productid=341"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"db": "VULHUB",
"id": "VHN-69347"
},
{
"db": "BID",
"id": "64790"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-156"
},
{
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"db": "VULHUB",
"id": "VHN-69347"
},
{
"db": "BID",
"id": "64790"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-156"
},
{
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"date": "2014-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-69347"
},
{
"date": "2014-01-09T00:00:00",
"db": "BID",
"id": "64790"
},
{
"date": "2014-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-156"
},
{
"date": "2014-01-10T16:47:06.333000",
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"date": "2014-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-69347"
},
{
"date": "2014-01-09T00:00:00",
"db": "BID",
"id": "64790"
},
{
"date": "2014-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-156"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-156"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Conceptronic C54APM Access point acquisition vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-156"
}
],
"trust": 0.6
}
}
CVE-2014-1408 (GCVE-0-2014-1408)
Vulnerability from nvd – Published: 2014-01-10 16:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-10T15:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf",
"refsource": "MISC",
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"name": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf",
"refsource": "CONFIRM",
"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1408",
"datePublished": "2014-01-10T16:00:00.000Z",
"dateReserved": "2014-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:42:35.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1407 (GCVE-0-2014-1407)
Vulnerability from nvd – Published: 2014-01-10 16:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101919",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101919"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"name": "101921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101921"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-15T16:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "101919",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101919"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"name": "101921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101921"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101919",
"refsource": "OSVDB",
"url": "http://osvdb.org/101919"
},
{
"name": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf",
"refsource": "MISC",
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"name": "101921",
"refsource": "OSVDB",
"url": "http://osvdb.org/101921"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1407",
"datePublished": "2014-01-10T16:00:00.000Z",
"dateReserved": "2014-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:42:35.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1406 (GCVE-0-2014-1406)
Vulnerability from nvd – Published: 2014-01-10 16:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-10T15:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf",
"refsource": "MISC",
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1406",
"datePublished": "2014-01-10T16:00:00.000Z",
"dateReserved": "2014-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:42:35.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1405 (GCVE-0-2014-1405)
Vulnerability from nvd – Published: 2014-01-10 16:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"name": "101916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101916"
},
{
"name": "101917",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101917"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-15T16:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"name": "101916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101916"
},
{
"name": "101917",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101917"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf",
"refsource": "MISC",
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"name": "101916",
"refsource": "OSVDB",
"url": "http://osvdb.org/101916"
},
{
"name": "101917",
"refsource": "OSVDB",
"url": "http://osvdb.org/101917"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1405",
"datePublished": "2014-01-10T16:00:00.000Z",
"dateReserved": "2014-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:42:35.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1405 (GCVE-0-2014-1405)
Vulnerability from cvelistv5 – Published: 2014-01-10 16:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"name": "101916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101916"
},
{
"name": "101917",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101917"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-15T16:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"name": "101916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101916"
},
{
"name": "101917",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101917"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf",
"refsource": "MISC",
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"name": "101916",
"refsource": "OSVDB",
"url": "http://osvdb.org/101916"
},
{
"name": "101917",
"refsource": "OSVDB",
"url": "http://osvdb.org/101917"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1405",
"datePublished": "2014-01-10T16:00:00.000Z",
"dateReserved": "2014-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:42:35.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1408 (GCVE-0-2014-1408)
Vulnerability from cvelistv5 – Published: 2014-01-10 16:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-10T15:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf",
"refsource": "MISC",
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"name": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf",
"refsource": "CONFIRM",
"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1408",
"datePublished": "2014-01-10T16:00:00.000Z",
"dateReserved": "2014-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:42:35.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1407 (GCVE-0-2014-1407)
Vulnerability from cvelistv5 – Published: 2014-01-10 16:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101919",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101919"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"name": "101921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101921"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-15T16:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "101919",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101919"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"name": "101921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101921"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101919",
"refsource": "OSVDB",
"url": "http://osvdb.org/101919"
},
{
"name": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf",
"refsource": "MISC",
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
},
{
"name": "101921",
"refsource": "OSVDB",
"url": "http://osvdb.org/101921"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1407",
"datePublished": "2014-01-10T16:00:00.000Z",
"dateReserved": "2014-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:42:35.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1406 (GCVE-0-2014-1406)
Vulnerability from cvelistv5 – Published: 2014-01-10 16:00 – Updated: 2024-08-06 09:42
VLAI?
Summary
CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-10T15:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf",
"refsource": "MISC",
"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1406",
"datePublished": "2014-01-10T16:00:00.000Z",
"dateReserved": "2014-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:42:35.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}