CVE-2014-1405

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-1405
Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf Vendor Advisory
http://osvdb.org/101917
http://osvdb.org/101916
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:conceptronic:c54apm_firmware:1.26:*:*:*:*:*:*:*
cpe:2.3:h:conceptronic:c54apm:v2:*:*:*:*:*:*:*
Information

Published : 2014-01-10 08:47

Updated : 2015-08-07 10:58

NVD link : CVE-2014-1405

Mitre link : CVE-2014-1405

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

conceptronic

  • c54apm
  • c54apm_firmware