Details of VAR-201401-0504

ID

VAR-201401-0504

CVE

CVE-2014-1408

TITLE

Conceptronic C54APM Access point acquisition vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001036

DESCRIPTION

The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks. The Conceptronic C54APM is a wireless AP device. The Conceptronic C54APM has an unsafe default password vulnerability. Because the program uses the default password for the management account. Conceptronic C54APM 2.0 is prone to an insecure-default-password vulnerability. Conceptronic C54APM 2.0 running firmware 1.26 is vulnerable. Conceptronic C54APM is a wireless access device produced by German Conceptronic Company. There is a trust management vulnerability in the Conceptronic C54APM device using the Runtime Code 1.26 accessor

Trust: 2.52

sources: NVD: CVE-2014-1408 // JVNDB: JVNDB-2014-001036 // CNVD: CNVD-2014-00256 // BID: 64790 // VULHUB: VHN-69347

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00256

AFFECTED PRODUCTS

vendor:	conceptronic	model:	c54apm	scope:	eq	version:	1.26	Trust: 1.6
vendor:	conceptronic	model:	c54apm	scope:	eq	version:	v2	Trust: 1.0
vendor:	conceptronic	model:	c54apm	scope:	eq	version:	2.01.26	Trust: 0.9
vendor:	conceptronic	model:	c54apm	scope:	eq	version:	runtime code 1.26	Trust: 0.8

sources: CNVD: CNVD-2014-00256 // BID: 64790 // JVNDB: JVNDB-2014-001036 // CNNVD: CNNVD-201401-156 // NVD: CVE-2014-1408

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-1408
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-1408
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-00256
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201401-156
value:	HIGH
Trust: 0.6
VULHUB:	VHN-69347
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-1408
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-00256
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-69347
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-00256 // VULHUB: VHN-69347 // JVNDB: JVNDB-2014-001036 // CNNVD: CNNVD-201401-156 // NVD: CVE-2014-1408

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-69347 // JVNDB: JVNDB-2014-001036 // NVD: CVE-2014-1408

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-156

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201401-156

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001036

PATCH

title:	Conceptronic C54APM Version 2.0 Quick Installation Guide	url:	http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf	Trust: 0.8
title:	C54APM	url:	http://www.conceptronic.net/es/download_list.php?stype=3&productid=341	Trust: 0.8

sources: JVNDB: JVNDB-2014-001036

EXTERNAL IDS

db:	NVD	id:	CVE-2014-1408	Trust: 3.4
db:	BID	id:	64790	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-001036	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-156	Trust: 0.7
db:	CNVD	id:	CNVD-2014-00256	Trust: 0.6
db:	VULHUB	id:	VHN-69347	Trust: 0.1

sources: CNVD: CNVD-2014-00256 // VULHUB: VHN-69347 // BID: 64790 // JVNDB: JVNDB-2014-001036 // CNNVD: CNNVD-201401-156 // NVD: CVE-2014-1408

REFERENCES

url:	http://antoniovazquezblanco.github.io/docs/advisories/advisory_c54apm_multiple.pdf	Trust: 3.4
url:	http://download.conceptronic.net/manuals/c04-058_c54apm_v2.0_quick_guide_ml.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1408	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1408	Trust: 0.8
url:	http://www.conceptronic.net/es/download_list.php?stype=3&productid=341	Trust: 0.3

sources: CNVD: CNVD-2014-00256 // VULHUB: VHN-69347 // BID: 64790 // JVNDB: JVNDB-2014-001036 // CNNVD: CNNVD-201401-156 // NVD: CVE-2014-1408

CREDITS

Antonio Vázquez Blanco

Trust: 0.3

sources: BID: 64790

SOURCES

db:	CNVD	id:	CNVD-2014-00256
db:	VULHUB	id:	VHN-69347
db:	BID	id:	64790
db:	JVNDB	id:	JVNDB-2014-001036
db:	CNNVD	id:	CNNVD-201401-156
db:	NVD	id:	CVE-2014-1408

LAST UPDATE DATE

2025-04-11T22:53:07.391000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-00256	date:	2014-01-15T00:00:00
db:	VULHUB	id:	VHN-69347	date:	2014-05-05T00:00:00
db:	BID	id:	64790	date:	2014-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-001036	date:	2014-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201401-156	date:	2014-01-13T00:00:00
db:	NVD	id:	CVE-2014-1408	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-00256	date:	2014-01-14T00:00:00
db:	VULHUB	id:	VHN-69347	date:	2014-01-10T00:00:00
db:	BID	id:	64790	date:	2014-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-001036	date:	2014-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201401-156	date:	2014-01-13T00:00:00
db:	NVD	id:	CVE-2014-1408	date:	2014-01-10T16:47:06.333