CVE-2014-1405

EUVD-2014-1482
Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
conceptronicc54apm_firmware
1.26
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf
http://osvdb.org/101916
http://osvdb.org/101917
http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf
http://osvdb.org/101916
http://osvdb.org/101917