Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Viprinet | Multichannel Vpn Router 300 Firmware | 2013070830 |
| Viprinet | Multichannel Vpn Router 300 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300ExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2016/Feb/8Mailing ListThird Party Advisory
- http://www.securityfocus.com/archive/1/537441/100/0/threaded
- https://www.exploit-db.com/exploits/39407/ExploitThird Party AdvisoryVDB Entry
- https://www.portcullis-security.com/security-research-and-downloads/security-advExploitThird Party Advisory
- http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300ExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2016/Feb/8Mailing ListThird Party Advisory
- http://www.securityfocus.com/archive/1/537441/100/0/threaded
- https://www.exploit-db.com/exploits/39407/ExploitThird Party AdvisoryVDB Entry
- https://www.portcullis-security.com/security-research-and-downloads/security-advExploitThird Party Advisory
FAQ
What is CVE-2014-2045?
CVE-2014-2045 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username...
How severe is CVE-2014-2045?
CVE-2014-2045 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2045?
Check the references section above for vendor advisories and patch information. Affected products include: Viprinet Multichannel Vpn Router 300 Firmware, Viprinet Multichannel Vpn Router 300.