Lucene search

[email protected]CVE-2014-1407

HistoryJan 10, 2014 - 4:47 p.m.

CVE-2014-1407

2014-01-1016:47:06

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-1407

xss

vulnerabilities

conceptronic c54apm

access point

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.

Affected configurations

NVD

Node

conceptronicc54apm_firmwareMatch1.26

AND

conceptronicc54apmMatchv2

CPENameOperatorVersion
conceptronic:c54apm_firmwareconceptronic c54apm firmwareeq1.26
conceptronic:c54apmconceptronic c54apmeqv2

CPE	Name	Operator	Version
conceptronic:c54apm_firmware	conceptronic c54apm firmware	eq	1.26
conceptronic:c54apm	conceptronic c54apm	eq	v2

References

antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf

osvdb.org/101919

osvdb.org/101921

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON

Related for CVE-2014-1407

nvd1 cvelist1 prion1