CVE-2014-2045

Exploit

EPSS 4.34%
Veröffentlicht 20.01.2017 15:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Viprinet ≫ Multichannel Vpn Router 300 Firmware Version2013070830

Viprinet ≫ Multichannel Vpn Router 300 Version-

Viprinet ≫ Multichannel Vpn Router 300 Firmware Version2013080900

Viprinet ≫ Multichannel Vpn Router 300 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.34%	0.884

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html

Third Party Advisory

Exploit

VDB Entry

http://seclists.org/fulldisclosure/2016/Feb/8

Third Party Advisory

Mailing List

http://www.securityfocus.com/archive/1/537441/100/0/threaded

https://www.exploit-db.com/exploits/39407/

Third Party Advisory

Exploit

VDB Entry