Lucene search

[email protected]CVE-2014-1406

HistoryJan 10, 2014 - 4:47 p.m.

CVE-2014-1406

2014-01-1016:47:06

CWE-20

[email protected]

web.nvd.nist.gov

crlf injection

vulnerability

conceptronic c54apm

access point

http headers

http response splitting

nvd

cve-2014-1406

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.6%

JSON

CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action.

Affected configurations

NVD

Node

conceptronicc54apm_firmwareMatch1.26

AND

conceptronicc54apmMatchv2

CPENameOperatorVersion
conceptronic:c54apm_firmwareconceptronic c54apm firmwareeq1.26
conceptronic:c54apmconceptronic c54apmeqv2

CPE	Name	Operator	Version
conceptronic:c54apm_firmware	conceptronic c54apm firmware	eq	1.26
conceptronic:c54apm	conceptronic c54apm	eq	v2

References

antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.6%

JSON

Related for CVE-2014-1406

prion1 cvelist1 nvd1