ID

VAR-201401-0501


CVE

CVE-2014-1405


TITLE

Conceptronic C54APM Access point open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001033

DESCRIPTION

Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.

The Conceptronic C54APM is a wireless AP device. An open redirection vulnerability exists in the Conceptronic C54APM. A remote attacker can supply the 'submit-url' parameter in the Refresh operation to the goform/formWlSiteSurvey page or the 'wlan-url' parameter to the goform/formWlanSetup page. The attacker can use the vulnerability to redirect the user to any website and then carry out a phishing attack.

Conceptronic C54APM 2.0 is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can leverage these issues by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. Conceptronic C54APM 2.0 running firmware 1.26 is vulnerable.

Conceptronic C54APM is a wireless access device produced by the German company Conceptronic.

Trust: 2.52

sources: NVD: CVE-2014-1405 // JVNDB: JVNDB-2014-001033 // CNVD: CNVD-2014-00259 // BID: 64794 // VULHUB: VHN-69344

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00259

AFFECTED PRODUCTS

vendor: conceptronic, model: c54apm, scope: eq, version: 1.26

Trust: 1.6

vendor: conceptronic, model: c54apm, scope: eq, version: v2

Trust: 1.0

vendor: conceptronic, model: c54apm, scope: eq, version: 2.01.26

Trust: 0.9

vendor: conceptronic, model: c54apm, scope: eq, version: runtime code 1.26

Trust: 0.8

sources: CNVD: CNVD-2014-00259 // BID: 64794 // JVNDB: JVNDB-2014-001033 // CNNVD: CNNVD-201401-153 // NVD: CVE-2014-1405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1405
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1405
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00259
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-153
value: MEDIUM

Trust: 0.6

VULHUB: VHN-69344
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-1405
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00259
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-69344
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00259 // VULHUB: VHN-69344 // JVNDB: JVNDB-2014-001033 // CNNVD: CNNVD-201401-153 // NVD: CVE-2014-1405

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-69344 // JVNDB: JVNDB-2014-001033 // NVD: CVE-2014-1405

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-153

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201401-153

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001033

PATCH

title: Conceptronic C54APM Version 2.0 Quick Installation Guide
url: http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf

Trust: 0.8

title: C54APM
url: http://www.conceptronic.net/es/download_list.php?stype=3&productid=341

Trust: 0.8

sources: JVNDB: JVNDB-2014-001033

EXTERNAL IDS

db: NVD, id: CVE-2014-1405

Trust: 3.4

db: OSVDB, id: 101917

Trust: 1.1

db: OSVDB, id: 101916

Trust: 1.1

db: BID, id: 64794

Trust: 1.0

db: JVNDB, id: JVNDB-2014-001033

Trust: 0.8

db: CNNVD, id: CNNVD-201401-153

Trust: 0.7

db: CNVD, id: CNVD-2014-00259

Trust: 0.6

db: VULHUB, id: VHN-69344

Trust: 0.1

sources: CNVD: CNVD-2014-00259 // VULHUB: VHN-69344 // BID: 64794 // JVNDB: JVNDB-2014-001033 // CNNVD: CNNVD-201401-153 // NVD: CVE-2014-1405

REFERENCES

url:http://antoniovazquezblanco.github.io/docs/advisories/advisory_c54apm_multiple.pdf

Trust: 3.4

url:http://osvdb.org/101916

Trust: 1.1

url:http://osvdb.org/101917

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1405

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1405

Trust: 0.8

url:http://www.conceptronic.net/es/download_list.php?stype=3&productid=341

Trust: 0.3

sources: CNVD: CNVD-2014-00259 // VULHUB: VHN-69344 // BID: 64794 // JVNDB: JVNDB-2014-001033 // CNNVD: CNNVD-201401-153 // NVD: CVE-2014-1405

CREDITS

Antonio Vázquez Blanco

Trust: 0.3

sources: BID: 64794

SOURCES

db: CNVD, id: CNVD-2014-00259
db: VULHUB, id: VHN-69344
db: BID, id: 64794
db: JVNDB, id: JVNDB-2014-001033
db: CNNVD, id: CNNVD-201401-153
db: NVD, id: CVE-2014-1405

LAST UPDATE DATE

2025-04-11T23:16:35.527000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-00259, date: 2014-01-15T00:00:00
db: VULHUB, id: VHN-69344, date: 2015-08-07T00:00:00
db: BID, id: 64794, date: 2014-01-09T00:00:00
db: JVNDB, id: JVNDB-2014-001033, date: 2014-01-15T00:00:00
db: CNNVD, id: CNNVD-201401-153, date: 2014-01-13T00:00:00
db: NVD, id: CVE-2014-1405, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-00259, date: 2014-01-14T00:00:00
db: VULHUB, id: VHN-69344, date: 2014-01-10T00:00:00
db: BID, id: 64794, date: 2014-01-09T00:00:00
db: JVNDB, id: JVNDB-2014-001033, date: 2014-01-15T00:00:00
db: CNNVD, id: CNNVD-201401-153, date: 2014-01-13T00:00:00
db: NVD, id: CVE-2014-1405, date: 2014-01-10T16:47:06.130