CVE-2014-1406 - OpenCVE

CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Conceptronic	C54apm C54apm Firmware

Configuration 1 [-]

AND

cpe:2.3:o:conceptronic:c54apm_firmware:1.26:*:*:*:*:*:*:*

cpe:2.3:h:conceptronic:c54apm:v2:*:*:*:*:*:*:*

References

Link	Resource
http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-01-10T16:00:00

Updated: 2014-01-10T15:57:00

Reserved: 2014-01-10T00:00:00

Link: CVE-2014-1406

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-01-10T16:47:06.160

Modified: 2014-05-05T15:29:18.567

Link: CVE-2014-1406

JSON object: View

Redhat Information

No data.

CWE

CWE-20