Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.
References
Link | Resource |
---|---|
http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf | Vendor Advisory |
http://osvdb.org/101916 | |
http://osvdb.org/101917 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-01-10T16:00:00
Updated: 2015-05-15T16:57:00
Reserved: 2014-01-10T00:00:00
Link: CVE-2014-1405
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-01-10T16:47:06.130
Modified: 2015-08-07T17:58:24.077
Link: CVE-2014-1405
JSON object: View
Redhat Information
No data.
CWE