VAR-201401-0502
Vulnerability from variot - Updated: 2025-04-11 22:55CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action. The Conceptronic C54APM is a wireless AP device. The Conceptronic C54APM has an HTTP response split vulnerability. The goform/formWlSiteSurvey page failed to properly filter the \342\200\230submit-url\342\200\231 parameter in the Refresh operation. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust. Conceptronic C54APM 2.0 running firmware 1.26 is vulnerable. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company. There is a CRLF injection vulnerability in the Conceptronic C54APM device using the Runtime Code 1.26 accessor
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0502",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c54apm",
"scope": "eq",
"trust": 1.6,
"vendor": "conceptronic",
"version": "1.26"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 1.0,
"vendor": "conceptronic",
"version": "v2"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 0.9,
"vendor": "conceptronic",
"version": "2.01.26"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 0.8,
"vendor": "conceptronic",
"version": "runtime code 1.26"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"db": "BID",
"id": "64785"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-154"
},
{
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:conceptronic:c54apm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Antonio V\u00e1zquez Blanco",
"sources": [
{
"db": "BID",
"id": "64785"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1406",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1406",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-00258",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-69345",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1406",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-1406",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00258",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-154",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-69345",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"db": "VULHUB",
"id": "VHN-69345"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-154"
},
{
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action. The Conceptronic C54APM is a wireless AP device. The Conceptronic C54APM has an HTTP response split vulnerability. The goform/formWlSiteSurvey page failed to properly filter the \\342\\200\\230submit-url\\342\\200\\231 parameter in the Refresh operation. \nAttackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust. \nConceptronic C54APM 2.0 running firmware 1.26 is vulnerable. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company. There is a CRLF injection vulnerability in the Conceptronic C54APM device using the Runtime Code 1.26 accessor",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1406"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"db": "BID",
"id": "64785"
},
{
"db": "VULHUB",
"id": "VHN-69345"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1406",
"trust": 3.4
},
{
"db": "BID",
"id": "64785",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-154",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00258",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-69345",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"db": "VULHUB",
"id": "VHN-69345"
},
{
"db": "BID",
"id": "64785"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-154"
},
{
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"id": "VAR-201401-0502",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"db": "VULHUB",
"id": "VHN-69345"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00258"
}
]
},
"last_update_date": "2025-04-11T22:55:48.817000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Conceptronic C54APM Version 2.0 Quick Installation Guide",
"trust": 0.8,
"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf"
},
{
"title": "C54APM",
"trust": 0.8,
"url": "http://www.conceptronic.net/es/download_list.php?stype=3\u0026productid=341"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69345"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://antoniovazquezblanco.github.io/docs/advisories/advisory_c54apm_multiple.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1406"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1406"
},
{
"trust": 0.3,
"url": "http://www.conceptronic.net/es/download_list.php?stype=3\u0026productid=341"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"db": "VULHUB",
"id": "VHN-69345"
},
{
"db": "BID",
"id": "64785"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-154"
},
{
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"db": "VULHUB",
"id": "VHN-69345"
},
{
"db": "BID",
"id": "64785"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-154"
},
{
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"date": "2014-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-69345"
},
{
"date": "2014-01-09T00:00:00",
"db": "BID",
"id": "64785"
},
{
"date": "2014-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-154"
},
{
"date": "2014-01-10T16:47:06.160000",
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00258"
},
{
"date": "2014-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-69345"
},
{
"date": "2014-01-09T00:00:00",
"db": "BID",
"id": "64785"
},
{
"date": "2014-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001034"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-154"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2014-1406"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-154"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Conceptronic C54APM Access point goform/formWlSiteSurvey In CRLF Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001034"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-154"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…