CVE-2014-1408

The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf	Exploit Vendor Advisory
http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf
http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf	Exploit Vendor Advisory
http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:conceptronic:c54apm_firmware:1.26:*:*:*:*:*:*:*

cpe:2.3:h:conceptronic:c54apm:v2:*:*:*:*:*:*:*

History

21 Nov 2024, 02:04

Type	Values Removed	Values Added
References	~~() http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf - Exploit, Vendor Advisory~~	() http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf - Exploit, Vendor Advisory
References	~~() http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf -~~	() http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf -

Information

Published : 2014-01-10 16:47

Updated : 2024-11-21 02:04

NVD link : CVE-2014-1408

Mitre link : CVE-2014-1408

CVE.ORG link : CVE-2014-1408

JSON object : View

Products Affected

conceptronic

c54apm_firmware
c54apm

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2014-1408", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-10T16:47:06.333", "references": [{"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf", "source": "cve@mitre.org"}, {"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks."}, {"lang": "es", "value": "El punto de acceso Conceptronic C54APM con c\u00f3digo runtime 1.26 tiene una contrase\u00f1a \"admin\" por defecto para el usuario admin, lo cual hace m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso a trav\u00e9s de una petici\u00f3n HTTP, como fue demostrado por ataques de stored XSS."}], "lastModified": "2024-11-21T02:04:14.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:conceptronic:c54apm_firmware:1.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D719574C-452B-43F7-A737-A91FFCE2B9DB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:conceptronic:c54apm:v2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A0DF340-6DE3-4683-9B01-09CDB0721704"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}