Vulnerability Description
The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Conceptronic | C54Apm Firmware | 1.26 |
| Conceptronic | C54Apm | v2 |
Related Weaknesses (CWE)
References
- http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pExploitVendor Advisory
- http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf
- http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pExploitVendor Advisory
- http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf
FAQ
What is CVE-2014-1408?
CVE-2014-1408 is a vulnerability with a CVSS score of 7.8 (HIGH). The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as d...
How severe is CVE-2014-1408?
CVE-2014-1408 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1408?
Check the references section above for vendor advisories and patch information. Affected products include: Conceptronic C54Apm Firmware, Conceptronic C54Apm.