exploitDog

CVE-2014-1406

Опубликовано: 10 янв. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action.

Ссылки

http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf
Exploit
Vendor Advisory
http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:conceptronic:c54apm_firmware:1.26:*:*:*:*:*:*:*

cpe:2.3:h:conceptronic:c54apm:v2:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00243

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-3f54-w53c-9jjr

github

больше 3 лет назад

CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action.

EPSS

Процентиль: 47%

0.00243

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20