ID

VAR-201401-0502


CVE

CVE-2014-1406


TITLE

Conceptronic C54APM access point goform/formWlSiteSurvey CRLF injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001034

DESCRIPTION

CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action. The Conceptronic C54APM is a wireless AP device. The Conceptronic C54APM has an HTTP response splitting vulnerability. The goform/formWlSiteSurvey page fails to properly filter the 'submit-url' parameter in the Refresh operation. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust. Conceptronic C54APM 2.0 running firmware 1.26 is vulnerable. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company. There is a CRLF injection vulnerability in the Conceptronic C54APM device using the Runtime Code 1.26 accessor

Trust: 2.52

sources: NVD: CVE-2014-1406 // JVNDB: JVNDB-2014-001034 // CNVD: CNVD-2014-00258 // BID: 64785 // VULHUB: VHN-69345

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00258

AFFECTED PRODUCTS

vendor: conceptronic, model: c54apm, scope: eq, version: 1.26

Trust: 1.6

vendor: conceptronic, model: c54apm, scope: eq, version: v2

Trust: 1.0

vendor: conceptronic, model: c54apm, scope: eq, version: 2.01.26

Trust: 0.9

vendor: conceptronic, model: c54apm, scope: eq, version: runtime code 1.26

Trust: 0.8

sources: CNVD: CNVD-2014-00258 // BID: 64785 // JVNDB: JVNDB-2014-001034 // CNNVD: CNNVD-201401-154 // NVD: CVE-2014-1406

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1406
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1406
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00258
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-154
value: MEDIUM

Trust: 0.6

VULHUB: VHN-69345
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-1406
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00258
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-69345
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00258 // VULHUB: VHN-69345 // JVNDB: JVNDB-2014-001034 // CNNVD: CNNVD-201401-154 // NVD: CVE-2014-1406

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-69345 // JVNDB: JVNDB-2014-001034 // NVD: CVE-2014-1406

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-154

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201401-154

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001034

PATCH

title: Conceptronic C54APM Version 2.0 Quick Installation Guide
url: http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf

Trust: 0.8

title: C54APM
url: http://www.conceptronic.net/es/download_list.php?stype=3&productid=341

Trust: 0.8

sources: JVNDB: JVNDB-2014-001034

EXTERNAL IDS

db: NVD, id: CVE-2014-1406

Trust: 3.4

db: BID, id: 64785

Trust: 1.0

db: JVNDB, id: JVNDB-2014-001034

Trust: 0.8

db: CNNVD, id: CNNVD-201401-154

Trust: 0.7

db: CNVD, id: CNVD-2014-00258

Trust: 0.6

db: VULHUB, id: VHN-69345

Trust: 0.1

sources: CNVD: CNVD-2014-00258 // VULHUB: VHN-69345 // BID: 64785 // JVNDB: JVNDB-2014-001034 // CNNVD: CNNVD-201401-154 // NVD: CVE-2014-1406

REFERENCES

url: http://antoniovazquezblanco.github.io/docs/advisories/advisory_c54apm_multiple.pdf

Trust: 3.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1406

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1406

Trust: 0.8

url: http://www.conceptronic.net/es/download_list.php?stype=3&productid=341

Trust: 0.3

sources: CNVD: CNVD-2014-00258 // VULHUB: VHN-69345 // BID: 64785 // JVNDB: JVNDB-2014-001034 // CNNVD: CNNVD-201401-154 // NVD: CVE-2014-1406

CREDITS

Antonio Vázquez Blanco

Trust: 0.3

sources: BID: 64785

SOURCES

db: CNVD, id: CNVD-2014-00258
db: VULHUB, id: VHN-69345
db: BID, id: 64785
db: JVNDB, id: JVNDB-2014-001034
db: CNNVD, id: CNNVD-201401-154
db: NVD, id: CVE-2014-1406

LAST UPDATE DATE

2025-04-11T22:55:48.817000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-00258, date: 2014-01-15T00:00:00
db: VULHUB, id: VHN-69345, date: 2014-05-05T00:00:00
db: BID, id: 64785, date: 2014-01-09T00:00:00
db: JVNDB, id: JVNDB-2014-001034, date: 2014-01-15T00:00:00
db: CNNVD, id: CNNVD-201401-154, date: 2014-01-13T00:00:00
db: NVD, id: CVE-2014-1406, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-00258, date: 2014-01-14T00:00:00
db: VULHUB, id: VHN-69345, date: 2014-01-10T00:00:00
db: BID, id: 64785, date: 2014-01-09T00:00:00
db: JVNDB, id: JVNDB-2014-001034, date: 2014-01-15T00:00:00
db: CNNVD, id: CNNVD-201401-154, date: 2014-01-13T00:00:00
db: NVD, id: CVE-2014-1406, date: 2014-01-10T16:47:06.160