CVE-2014-1405

Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
conceptronicc54apm_firmware
1.26
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf
http://osvdb.org/101916
http://osvdb.org/101917
http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf
http://osvdb.org/101916
http://osvdb.org/101917