CVE-2014-1405

{"id": "CVE-2014-1405", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-10T16:47:06.130", "references": [{"url": "http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/101916", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/101917", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de redirecci\u00f3n abierta en el punto de acceso Conceptronic C54APM con c\u00f3digo runtime 1.26 permite a atacantes remotos redireccionar usuarios a sitios web de forma arbitraria y realizar ataques phishing a trav\u00e9s de (1) el par\u00e1metro submit-url en una acci\u00f3n Refresh a goform/formWISiteSurvey o (2) el par\u00e1metro wlan-url a goform/formWIanSetup."}], "lastModified": "2015-08-07T17:58:24.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:conceptronic:c54apm_firmware:1.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D719574C-452B-43F7-A737-A91FFCE2B9DB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:conceptronic:c54apm:v2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A0DF340-6DE3-4683-9B01-09CDB0721704"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}