Search criteria
3 vulnerabilities found for nb604n by netcommwireless
VAR-201410-0378
Vulnerability from variot - Updated: 2025-04-13 23:14Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter. NetComm Wireless Provided by NB604N Is Wireless -> Security page (wlsecurity.html) Variables that are not sanitized wlWpaPsk Value of Javascript variable wpaPskKey Stored cross-site scripting vulnerability (CWE-79) Exists. The NetCommWireless NB604N is a router device. Sensitive information or hijacking user sessions. NetCommWireless NB604N is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. NetCommWireless NB604N GAN5.CZ56T-B-NC.AU-R4B010.EN is vulnerable; other versions may also be affected. NetComm Wireless NB604N Routers is a wireless router product of Australia NetComm Wireless company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-0378",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nb604n",
"scope": "lte",
"trust": 1.0,
"vendor": "netcommwireless",
"version": "gan5.cz56t-b-nc.au-r4b010.en"
},
{
"model": "nb604n",
"scope": "eq",
"trust": 1.0,
"vendor": "netcommwireless",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netcomm",
"version": null
},
{
"model": "nb604n",
"scope": null,
"trust": 0.8,
"vendor": "netcomm",
"version": null
},
{
"model": "nb604n",
"scope": "eq",
"trust": 0.8,
"vendor": "netcomm",
"version": "gan5.cz56t-b-nc.au-r4b010.en"
},
{
"model": "wireless limited. netcommwireless nb604n gan5.cz56t-b-nc.au-r4b010.en",
"scope": null,
"trust": 0.6,
"vendor": "netcomm",
"version": null
},
{
"model": "nb604n",
"scope": "eq",
"trust": 0.6,
"vendor": "netcommwireless",
"version": "gan5.cz56t-b-nc.au-r4b010.en"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#941108"
},
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-133"
},
{
"db": "NVD",
"id": "CVE-2014-4871"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:netcommwireless:nb604n",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netcommwireless:nb604n_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Katie Duczmal",
"sources": [
{
"db": "BID",
"id": "70253"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4871",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-4871",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 2.3,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 6.8,
"id": "CVE-2014-4871",
"impactScore": 2.9,
"integrityImpact": "NONE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "NOT DEFINED",
"severity": "LOW",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2014-004570",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-06598",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-72812",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4871",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4871",
"trust": 0.8,
"value": "LOW"
},
{
"author": "IPA",
"id": "JVNDB-2014-004570",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2014-06598",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-133",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72812",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#941108"
},
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "VULHUB",
"id": "VHN-72812"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-133"
},
{
"db": "NVD",
"id": "CVE-2014-4871"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter. NetComm Wireless Provided by NB604N Is Wireless -\u003e Security page (wlsecurity.html) Variables that are not sanitized wlWpaPsk Value of Javascript variable wpaPskKey Stored cross-site scripting vulnerability (CWE-79) Exists. The NetCommWireless NB604N is a router device. Sensitive information or hijacking user sessions. NetCommWireless NB604N is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nNetCommWireless NB604N GAN5.CZ56T-B-NC.AU-R4B010.EN is vulnerable; other versions may also be affected. NetComm Wireless NB604N Routers is a wireless router product of Australia NetComm Wireless company",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4871"
},
{
"db": "CERT/CC",
"id": "VU#941108"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "BID",
"id": "70253"
},
{
"db": "VULHUB",
"id": "VHN-72812"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/941108",
"trust": 0.8,
"type": "poc"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#941108"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#941108",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2014-4871",
"trust": 3.4
},
{
"db": "BID",
"id": "70253",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU93498805",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-133",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-06598",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-72812",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#941108"
},
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "VULHUB",
"id": "VHN-72812"
},
{
"db": "BID",
"id": "70253"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-133"
},
{
"db": "NVD",
"id": "CVE-2014-4871"
}
]
},
"id": "VAR-201410-0378",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "VULHUB",
"id": "VHN-72812"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06598"
}
]
},
"last_update_date": "2025-04-13T23:14:42.536000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Support - ADSL2+ Wireless N300 Modem Router - NB604N",
"trust": 0.8,
"url": "http://support.netcommwireless.com/product/adsl/nb604n"
},
{
"title": "\\302\\240\\302\\240\\302\\240\\302\\240\\302\\240NetCommWireless NB604N ADSL2+ Router \u0027wlsecurity.html\u0027 patch for HTML injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/50765"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72812"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"db": "NVD",
"id": "CVE-2014-4871"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/941108"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/70253"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.8,
"url": "http://support.netcommwireless.com/product/adsl/nb604n"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4871"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93498805/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4871"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#941108"
},
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "VULHUB",
"id": "VHN-72812"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-133"
},
{
"db": "NVD",
"id": "CVE-2014-4871"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#941108"
},
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "VULHUB",
"id": "VHN-72812"
},
{
"db": "BID",
"id": "70253"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-133"
},
{
"db": "NVD",
"id": "CVE-2014-4871"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-06T00:00:00",
"db": "CERT/CC",
"id": "VU#941108"
},
{
"date": "2014-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"date": "2014-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-72812"
},
{
"date": "2014-10-06T00:00:00",
"db": "BID",
"id": "70253"
},
{
"date": "2014-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"date": "2014-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-133"
},
{
"date": "2014-10-07T10:55:04.433000",
"db": "NVD",
"id": "CVE-2014-4871"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-06T00:00:00",
"db": "CERT/CC",
"id": "VU#941108"
},
{
"date": "2014-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"date": "2015-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-72812"
},
{
"date": "2014-10-06T00:00:00",
"db": "BID",
"id": "70253"
},
{
"date": "2014-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"date": "2014-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-133"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-4871"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-133"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NetCommWireless NB604N ADSL2+ Router \u0027wlsecurity.html\u0027 HTML Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "BID",
"id": "70253"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-133"
}
],
"trust": 0.6
}
}
CVE-2014-4871 (GCVE-0-2014-4871)
Vulnerability from nvd – Published: 2014-10-07 10:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70253",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70253"
},
{
"name": "VU#941108",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/941108"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-29T18:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "70253",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70253"
},
{
"name": "VU#941108",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/941108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70253"
},
{
"name": "VU#941108",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/941108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-4871",
"datePublished": "2014-10-07T10:00:00",
"dateReserved": "2014-07-10T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4871 (GCVE-0-2014-4871)
Vulnerability from cvelistv5 – Published: 2014-10-07 10:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70253",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70253"
},
{
"name": "VU#941108",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/941108"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-29T18:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "70253",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70253"
},
{
"name": "VU#941108",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/941108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70253"
},
{
"name": "VU#941108",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/941108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-4871",
"datePublished": "2014-10-07T10:00:00",
"dateReserved": "2014-07-10T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}