CVE-2014-2045 in Multichannel VPN Router 300info

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the 'old' and 'new' interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

02/19/2014

Disclosure

01/20/2017

Moderation

VulDB entry created

Entries

VDB-95749 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

Exploit

Download

CVSS

5.2

EPSS

0.04338

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-2045
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-2045
CVE Details	https://www.cvedetails.com/cve/CVE-2014-2045/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!