CVE-2014-1405
Summary
| CVE | CVE-2014-1405 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-01-10 16:47:00 UTC |
| Updated | 2015-08-07 17:58:00 UTC |
| Description | Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Conceptronic | C54apm | v2 | All | All | All |
| Hardware | Conceptronic | C54apm | v2 | All | All | All |
| Operating System | Conceptronic | C54apm Firmware | 1.26 | All | All | All |
| Operating System | Conceptronic | C54apm Firmware | 1.26 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 101916 | OSVDB | osvdb.org | |
| 101917 | OSVDB | osvdb.org | |
| antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf | MISC | antoniovazquezblanco.github.io | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.