VAR-201401-0503
Vulnerability from variot - Updated: 2025-04-11 23:16Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. (1) goform/formWlSiteSurvey of Refresh action of submit-url Parameters (2) goform/formWlanSetup of wlan-url Parameters. The Conceptronic C54APM is a wireless AP device. A cross-site scripting vulnerability exists in the Conceptronic C54APM device. The \342\200\230wlan-url\342\200\231 parameter was not properly filtered because the goform/formWlSiteSurvey page failed to properly filter the \342\200\230submit-url\342\200\231 parameter in the Refresh operation and the goform/formWlanSetup script. Conceptronic C54APM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Conceptronic C54APM 2.0 running firmware 1.26 is vulnerable; other versions may be affected. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0503",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c54apm",
"scope": "eq",
"trust": 1.6,
"vendor": "conceptronic",
"version": "1.26"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 1.0,
"vendor": "conceptronic",
"version": "v2"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 0.9,
"vendor": "conceptronic",
"version": "2.01.26"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 0.8,
"vendor": "conceptronic",
"version": "runtime code 1.26"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "BID",
"id": "64793"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
},
{
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:conceptronic:c54apm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Antonio V\u00e1zquez Blanco",
"sources": [
{
"db": "BID",
"id": "64793"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1407",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1407",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-00257",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-69346",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1407",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-1407",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00257",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-155",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-69346",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "VULHUB",
"id": "VHN-69346"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
},
{
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. (1) goform/formWlSiteSurvey of Refresh action of submit-url Parameters (2) goform/formWlanSetup of wlan-url Parameters. The Conceptronic C54APM is a wireless AP device. A cross-site scripting vulnerability exists in the Conceptronic C54APM device. The \\342\\200\\230wlan-url\\342\\200\\231 parameter was not properly filtered because the goform/formWlSiteSurvey page failed to properly filter the \\342\\200\\230submit-url\\342\\200\\231 parameter in the Refresh operation and the goform/formWlanSetup script. Conceptronic C54APM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. \nConceptronic C54APM 2.0 running firmware 1.26 is vulnerable; other versions may be affected. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1407"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "BID",
"id": "64793"
},
{
"db": "VULHUB",
"id": "VHN-69346"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1407",
"trust": 3.4
},
{
"db": "OSVDB",
"id": "101919",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "101921",
"trust": 1.1
},
{
"db": "BID",
"id": "64793",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-155",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00257",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-69346",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "VULHUB",
"id": "VHN-69346"
},
{
"db": "BID",
"id": "64793"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
},
{
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"id": "VAR-201401-0503",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "VULHUB",
"id": "VHN-69346"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
}
]
},
"last_update_date": "2025-04-11T23:16:35.493000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Conceptronic C54APM Version 2.0 Quick Installation Guide",
"trust": 0.8,
"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf"
},
{
"title": "C54APM",
"trust": 0.8,
"url": "http://www.conceptronic.net/es/download_list.php?stype=3\u0026productid=341"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69346"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://antoniovazquezblanco.github.io/docs/advisories/advisory_c54apm_multiple.pdf"
},
{
"trust": 1.1,
"url": "http://osvdb.org/101919"
},
{
"trust": 1.1,
"url": "http://osvdb.org/101921"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1407"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1407"
},
{
"trust": 0.3,
"url": "http://www.conceptronic.net/es/download_list.php?stype=3\u0026productid=341"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "VULHUB",
"id": "VHN-69346"
},
{
"db": "BID",
"id": "64793"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
},
{
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "VULHUB",
"id": "VHN-69346"
},
{
"db": "BID",
"id": "64793"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
},
{
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"date": "2014-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-69346"
},
{
"date": "2014-01-09T00:00:00",
"db": "BID",
"id": "64793"
},
{
"date": "2014-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-155"
},
{
"date": "2014-01-10T16:47:06.193000",
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"date": "2015-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-69346"
},
{
"date": "2014-01-09T00:00:00",
"db": "BID",
"id": "64793"
},
{
"date": "2014-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001035"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-155"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2014-1407"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Conceptronic C54APM Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00257"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-155"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…