VAR-201401-0504
Vulnerability from variot - Updated: 2025-04-11 22:53The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks. The Conceptronic C54APM is a wireless AP device. The Conceptronic C54APM has an unsafe default password vulnerability. Because the program uses the default password for the management account. Conceptronic C54APM 2.0 is prone to an insecure-default-password vulnerability. Conceptronic C54APM 2.0 running firmware 1.26 is vulnerable. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company. There is a trust management vulnerability in the Conceptronic C54APM device using the Runtime Code 1.26 accessor
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0504",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c54apm",
"scope": "eq",
"trust": 1.6,
"vendor": "conceptronic",
"version": "1.26"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 1.0,
"vendor": "conceptronic",
"version": "v2"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 0.9,
"vendor": "conceptronic",
"version": "2.01.26"
},
{
"model": "c54apm",
"scope": "eq",
"trust": 0.8,
"vendor": "conceptronic",
"version": "runtime code 1.26"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"db": "BID",
"id": "64790"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-156"
},
{
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:conceptronic:c54apm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Antonio V\u00e1zquez Blanco",
"sources": [
{
"db": "BID",
"id": "64790"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1408",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-1408",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00256",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-69347",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1408",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-1408",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-00256",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-156",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-69347",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"db": "VULHUB",
"id": "VHN-69347"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-156"
},
{
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks. The Conceptronic C54APM is a wireless AP device. The Conceptronic C54APM has an unsafe default password vulnerability. Because the program uses the default password for the management account. Conceptronic C54APM 2.0 is prone to an insecure-default-password vulnerability. \nConceptronic C54APM 2.0 running firmware 1.26 is vulnerable. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company. There is a trust management vulnerability in the Conceptronic C54APM device using the Runtime Code 1.26 accessor",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1408"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"db": "BID",
"id": "64790"
},
{
"db": "VULHUB",
"id": "VHN-69347"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1408",
"trust": 3.4
},
{
"db": "BID",
"id": "64790",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-156",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00256",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-69347",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"db": "VULHUB",
"id": "VHN-69347"
},
{
"db": "BID",
"id": "64790"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-156"
},
{
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"id": "VAR-201401-0504",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"db": "VULHUB",
"id": "VHN-69347"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00256"
}
]
},
"last_update_date": "2025-04-11T22:53:07.391000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Conceptronic C54APM Version 2.0 Quick Installation Guide",
"trust": 0.8,
"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf"
},
{
"title": "C54APM",
"trust": 0.8,
"url": "http://www.conceptronic.net/es/download_list.php?stype=3\u0026productid=341"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69347"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://antoniovazquezblanco.github.io/docs/advisories/advisory_c54apm_multiple.pdf"
},
{
"trust": 1.7,
"url": "http://download.conceptronic.net/manuals/c04-058_c54apm_v2.0_quick_guide_ml.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1408"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1408"
},
{
"trust": 0.3,
"url": "http://www.conceptronic.net/es/download_list.php?stype=3\u0026productid=341"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"db": "VULHUB",
"id": "VHN-69347"
},
{
"db": "BID",
"id": "64790"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-156"
},
{
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"db": "VULHUB",
"id": "VHN-69347"
},
{
"db": "BID",
"id": "64790"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-156"
},
{
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"date": "2014-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-69347"
},
{
"date": "2014-01-09T00:00:00",
"db": "BID",
"id": "64790"
},
{
"date": "2014-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-156"
},
{
"date": "2014-01-10T16:47:06.333000",
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00256"
},
{
"date": "2014-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-69347"
},
{
"date": "2014-01-09T00:00:00",
"db": "BID",
"id": "64790"
},
{
"date": "2014-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001036"
},
{
"date": "2014-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-156"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2014-1408"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-156"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Conceptronic C54APM Access point acquisition vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001036"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-156"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…