VAR-201401-0414
Vulnerability from variot - Updated: 2025-04-11 23:15Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. (CWE-79). The Mediatrix 4402 Device is a VoIP adapter. Execute malicious script code to get sensitive information or hijack user sessions. Mediatrix 4402 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Mediatrix 4402 running firmware Dgw 1.1.13.186 is vulnerable; other versions may also be affected. Advisory ID: hag201476 Product: Mediatrix Web Management Interface Vendor: Media5 Corporation Vulnerable Version(s): Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 and probably prior Tested Version: Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 Advisory Publication: January 23, 2014 Vendor Notification: November 13, 2013 Public Disclosure: January 23, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-1612 Risk Level: Medium CVSSv2 Base Score: 6.4 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Solution not yet released Discovered and Provided: Help AG Middle East
about the vendor: Media5 products and technologies are deployed in millions of broadband connected devices including smartphones, set-top boxes, and a wide variety of telecommunications equipment and applications. Our VoIP expertise went on to deliver the Mediatrix family of VoIP ATAs and Gateways, and now includes a suite of voice and video mobility solutions and the M5T family of secure SIP-based solutions for the telecommunications marketplace. As the targeted Mediatrix device in our case is used for providing voice over IP (VoIP) connectivity to ISDN telephones, the attacker could even set up his rogue SIP server, replace the original one in the Mediatrix configuration and listen to all corporate calls if an administrative account is compromised via the XSS in the login page.
Solution:
The vendor was notified, contact the vendor for the patch details
References:
[1] help AG middle East http://www.helpag.com/. [2] Media5 Corporation http://www.mediatrix.com/en/company [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0414",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mediatrix voip gateway 4402",
"scope": "eq",
"trust": 1.6,
"vendor": "media5",
"version": "dgw_1.1.13.186"
},
{
"model": "mediatrix voip gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "media5",
"version": "4402"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "media5",
"version": null
},
{
"model": "mediatrix 4402 digital voip gateways",
"scope": "lte",
"trust": 0.8,
"vendor": "media5",
"version": "dgw 1.1.13.186"
},
{
"model": "mediatrix digital voip gateways",
"scope": "eq",
"trust": 0.8,
"vendor": "media5",
"version": "4402"
},
{
"model": "mediatrix device",
"scope": "eq",
"trust": 0.6,
"vendor": "media5",
"version": "44021.1.13.186"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#252294"
},
{
"db": "CNVD",
"id": "CNVD-2014-00610"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001294"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-598"
},
{
"db": "NVD",
"id": "CVE-2014-1612"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:media5:mediatrix_voip_gateway_4402_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:media5:mediatrix_voip_gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001294"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "tudor enache",
"sources": [
{
"db": "BID",
"id": "65108"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1612",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1612",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 0.8,
"exploitability": "UNPROVEN",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1612",
"impactScore": 2.9,
"integrityImpact": "NONE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "NOT DEFINED",
"reportConfidence": "UNCOFIRMED",
"severity": "MEDIUM",
"targetDistribution": "LOW",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2014-00610",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-69551",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-1612",
"trust": 1.6,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1612",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-00610",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-598",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-69551",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#252294"
},
{
"db": "CNVD",
"id": "CNVD-2014-00610"
},
{
"db": "VULHUB",
"id": "VHN-69551"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001294"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-598"
},
{
"db": "NVD",
"id": "CVE-2014-1612"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. (CWE-79). The Mediatrix 4402 Device is a VoIP adapter. Execute malicious script code to get sensitive information or hijack user sessions. Mediatrix 4402 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nMediatrix 4402 running firmware Dgw 1.1.13.186 is vulnerable; other versions may also be affected. Advisory ID: hag201476\nProduct: Mediatrix Web Management Interface\nVendor: Media5 Corporation\nVulnerable Version(s): Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 and probably prior\nTested Version: Mediatrix 4402 Device with Firmware Dgw 1.1.13.186\nAdvisory Publication: January 23, 2014 \nVendor Notification: November 13, 2013 \nPublic Disclosure: January 23, 2014 \nVulnerability Type: Cross-Site Scripting [CWE-79]\nCVE Reference: CVE-2014-1612\nRisk Level: Medium \nCVSSv2 Base Score: 6.4 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\nSolution Status: Solution not yet released\nDiscovered and Provided: Help AG Middle East\n\n------------------------------------------------------------------------\n\n-----------------------\n\nabout the vendor:\nMedia5 products and technologies are deployed in millions of broadband connected devices including smartphones, set-top boxes, and a wide variety of telecommunications equipment and applications. \n Our VoIP expertise went on to deliver the Mediatrix family of VoIP ATAs and Gateways, and now includes a suite of voice and video mobility solutions and the M5T family of secure SIP-based solutions for the telecommunications marketplace. As the targeted Mediatrix device in our case is used for providing voice over IP (VoIP) connectivity to ISDN telephones, the attacker could even set up his rogue SIP server, replace the original one in the Mediatrix configuration and listen to all corporate calls if an administrative account is compromised via the XSS in the login page. \n\n------------------------------------------------------------------------\n\n-----------------------\n\nSolution:\n\nThe vendor was notified, contact the vendor for the patch details\n\n------------------------------------------------------------------------\n\n-----------------------\n\nReferences:\n\n[1] help AG middle East http://www.helpag.com/. \n[2] Media5 Corporation http://www.mediatrix.com/en/company \n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures. \n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. \n\n------------------------------------------------------------------------\n\n-----------------------\n\nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1612"
},
{
"db": "CERT/CC",
"id": "VU#252294"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001294"
},
{
"db": "CNVD",
"id": "CNVD-2014-00610"
},
{
"db": "BID",
"id": "65108"
},
{
"db": "VULHUB",
"id": "VHN-69551"
},
{
"db": "PACKETSTORM",
"id": "124931"
}
],
"trust": 3.33
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-69551",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69551"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1612",
"trust": 3.5
},
{
"db": "CERT/CC",
"id": "VU#252294",
"trust": 2.7
},
{
"db": "BID",
"id": "65108",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "124931",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "102415",
"trust": 1.7
},
{
"db": "XF",
"id": "90656",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "56638",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU97711137",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001294",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-598",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00610",
"trust": 0.6
},
{
"db": "XF",
"id": "20141612",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20140123 REFLECTED CROSS-SITE SCRIPTING (XSS) VULNERABILITY IN MEDIATRIX WEB MANAGEMENT INTERFACE LOGIN PAGE",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-69551",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#252294"
},
{
"db": "CNVD",
"id": "CNVD-2014-00610"
},
{
"db": "VULHUB",
"id": "VHN-69551"
},
{
"db": "BID",
"id": "65108"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001294"
},
{
"db": "PACKETSTORM",
"id": "124931"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-598"
},
{
"db": "NVD",
"id": "CVE-2014-1612"
}
]
},
"id": "VAR-201401-0414",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00610"
},
{
"db": "VULHUB",
"id": "VHN-69551"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00610"
}
]
},
"last_update_date": "2025-04-11T23:15:23.310000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mediatrix 4400 Series",
"trust": 0.8,
"url": "http://www.media5corp.com/en/voip-gateways/mediatrix-4400-series"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001294"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 2.7
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#252294"
},
{
"db": "VULHUB",
"id": "VHN-69551"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001294"
},
{
"db": "NVD",
"id": "CVE-2014-1612"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.kb.cert.org/vuls/id/252294"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/124931/mediatrix-4402-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "http://osvdb.org/102415"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/90656"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65108"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/530871/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/56638"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90656"
},
{
"trust": 0.8,
"url": "http://www.mediatrix.com/en/voip-gateways/mediatrix-4400-series"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/530871/30/0/threaded"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1612"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97711137/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1612"
},
{
"trust": 0.6,
"url": "http://seclists.org/bugtraq/2014/jan/87"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/65108/discuss"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/530871/100/0/threaded"
},
{
"trust": 0.1,
"url": "http://cwe.mitre.org"
},
{
"trust": 0.1,
"url": "http://\u003c\u003cmediatrixwebinterfaceip/host\u003e\u003e/login.esp?r=system_info.esp\u0026username=%22/%3e%3cscript%3ealert%281%29%3c/script%3e"
},
{
"trust": 0.1,
"url": "http://www.mediatrix.com/en/company"
},
{
"trust": 0.1,
"url": "http://www.helpag.com/."
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1612"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#252294"
},
{
"db": "CNVD",
"id": "CNVD-2014-00610"
},
{
"db": "VULHUB",
"id": "VHN-69551"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001294"
},
{
"db": "PACKETSTORM",
"id": "124931"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-598"
},
{
"db": "NVD",
"id": "CVE-2014-1612"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#252294"
},
{
"db": "CNVD",
"id": "CNVD-2014-00610"
},
{
"db": "VULHUB",
"id": "VHN-69551"
},
{
"db": "BID",
"id": "65108"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001294"
},
{
"db": "PACKETSTORM",
"id": "124931"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-598"
},
{
"db": "NVD",
"id": "CVE-2014-1612"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-03T00:00:00",
"db": "CERT/CC",
"id": "VU#252294"
},
{
"date": "2014-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00610"
},
{
"date": "2014-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-69551"
},
{
"date": "2014-01-23T00:00:00",
"db": "BID",
"id": "65108"
},
{
"date": "2014-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001294"
},
{
"date": "2014-01-24T00:55:55",
"db": "PACKETSTORM",
"id": "124931"
},
{
"date": "2014-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-598"
},
{
"date": "2014-01-30T18:55:03.627000",
"db": "NVD",
"id": "CVE-2014-1612"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-07T00:00:00",
"db": "CERT/CC",
"id": "VU#252294"
},
{
"date": "2014-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00610"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-69551"
},
{
"date": "2014-02-05T01:04:00",
"db": "BID",
"id": "65108"
},
{
"date": "2014-02-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001294"
},
{
"date": "2014-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-598"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2014-1612"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-598"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mediatrix 4402 digital gateway web interface contains a cross-site scripting (XSS) vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#252294"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "124931"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-598"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…