CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action.
CPE | Name | Operator | Version |
---|---|---|---|
c54apm | eq | 2.0.118 | |
c54apm_firmware | eq | 1.26 |