cvelistv5 - cve-2014-2045

CVE-2014-2045 (GCVE-0-2014-2045)

Vulnerability from cvelistv5 – Published: 2017-01-20 15:00 – Updated: 2024-08-06 09:58

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.portcullis-security.com/security-rese…	x_refsource_MISC
	https://www.exploit-db.com/exploits/39407/	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/archive/1/537441/100…	mailing-listx_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/135613/Vipri…	x_refsource_MISC
	http://seclists.org/fulldisclosure/2016/Feb/8	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:58:16.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/"
          },
          {
            "name": "39407",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39407/"
          },
          {
            "name": "20160203 Security Advisories",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/537441/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html"
          },
          {
            "name": "20160203 Security Advisories",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Feb/8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/"
        },
        {
          "name": "39407",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39407/"
        },
        {
          "name": "20160203 Security Advisories",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/537441/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html"
        },
        {
          "name": "20160203 Security Advisories",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Feb/8"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2045",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/",
              "refsource": "MISC",
              "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/"
            },
            {
              "name": "39407",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39407/"
            },
            {
              "name": "20160203 Security Advisories",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/537441/100/0/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html"
            },
            {
              "name": "20160203 Security Advisories",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Feb/8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2045",
    "datePublished": "2017-01-20T15:00:00",
    "dateReserved": "2014-02-19T00:00:00",
    "dateUpdated": "2024-08-06T09:58:16.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013070830:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"339FD28A-88C5-4C8F-8BFA-06AF6B3A207C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013080900:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"178D8271-3C33-44A9-9820-F5A559A696F4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:viprinet:multichannel_vpn_router_300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9220DA03-6664-450A-A57A-DFB45A8B3938\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de XSS en las interfaces antigua y nueva en Viprinet Multichannel VPN Router 300 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\\u00e9s del nombre de usuario cuando (1) inicia sesi\\u00f3n o (2) se crea una nueva cuenta en la interfaz antigua, (3) nombre de usuario cuando crea una nueva cuenta en la interfaz nueva, (4) nombre de anfitri\\u00f3n en la interfaz antig\\u00fca, (5) inspeccionar el par\\u00e1metro en el m\\u00f3dulo de configuraci\\u00f3n, (6) par\\u00e1metro de comandos en la herramienta atcommands o (7) par\\u00e1metro anfitri\\u00f3n en la herramienta de ping.\"}]",
      "id": "CVE-2014-2045",
      "lastModified": "2024-11-21T02:05:31.613",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-01-20T15:59:00.147",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2016/Feb/8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/537441/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/39407/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2016/Feb/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/537441/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/39407/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-2045\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-01-20T15:59:00.147\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de XSS en las interfaces antigua y nueva en Viprinet Multichannel VPN Router 300 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del nombre de usuario cuando (1) inicia sesi\u00f3n o (2) se crea una nueva cuenta en la interfaz antigua, (3) nombre de usuario cuando crea una nueva cuenta en la interfaz nueva, (4) nombre de anfitri\u00f3n en la interfaz antig\u00fca, (5) inspeccionar el par\u00e1metro en el m\u00f3dulo de configuraci\u00f3n, (6) par\u00e1metro de comandos en la herramienta atcommands o (7) par\u00e1metro anfitri\u00f3n en la herramienta de ping.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013070830:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"339FD28A-88C5-4C8F-8BFA-06AF6B3A207C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013080900:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"178D8271-3C33-44A9-9820-F5A559A696F4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:viprinet:multichannel_vpn_router_300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9220DA03-6664-450A-A57A-DFB45A8B3938\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2016/Feb/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/537441/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/39407/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2016/Feb/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/537441/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/39407/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

VAR-201701-0533

Vulnerability from variot - Updated: 2023-12-18 12:20

Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool. ViprinetEuropeMultichannelVPNRouter300 is a multi-channel VPN router product from ViprinetEurope, Germany. A cross-site scripting vulnerability exists in ViprinetEuropeMultichannelVPNRouter300. An attacker could exploit this vulnerability to inject arbitrary web scripts or HTML. An HTML-injection vulnerability 3. Multiple security-bypass vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and to launch other attacks, perform man-in-the-middle attacks and impersonate trusted servers or bypass certain security restrictions and perform unauthorized actions. This is a normal feature of many applications, however, in this instance the application failed to restrict the type of data that could be stored and also failed to sanitise it, meaning that it could not be safely rendered by the browser.

Stored cross-site scripting could be triggered by:


    Attempting to login with a username of `<script>alert(1)</script>’ (affects `old’ interface and results in post-authentication cross-site Scripting when a legitimate administrator views the realtime log)
    Creating an account with a username of `<script>alert(1)</script>’ (affects both `old’ and `new’ interfaces once created)
    Setting the device’s hostname to `<script>alert(1)</script>’  (affects `old’ interface once created)


A number of locations were identified as being vulnerable to reflective attacks, including:

http:///exec?module=config&sessionid=&inspect=%3Cscript%20src=http://localhost:9090%3E%3C/script%3E http:///exec?tool=atcommands&sessionid=&sourceobject=WANINTERFACELIST.OBJECT__0&module=configtools&commands=%3Cscript%3Ealert%281%29%3C%2Fscript%3E http:///exec?tool=ping&sessionid=&sourceobject=WANINTERFACELIST.OBJECT__0&module=configtools&host=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&pingcount=3&databytes=56

The inclusion of session IDs in all URLs partially mitigates the reflective cross-site scripting but could itself be considered a vulnerability since it is included in referred headers and log files.

These are simply some examples of how this attack might be performed, and the it is believed that both the `old’ and `new’ web applications are systemically vulnerable to this.

Further details at:

https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/

Copyright: Copyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited.

Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0533",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "multichannel vpn router 300",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "viprinet",
        "version": "2013070830"
      },
      {
        "model": "multichannel vpn router 300",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "viprinet",
        "version": "2013080900"
      },
      {
        "model": "multichannel vpn router 300",
        "scope": null,
        "trust": 0.8,
        "vendor": "viprinet europe",
        "version": null
      },
      {
        "model": "multichannel vpn router 300",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "viprinet europe",
        "version": "2013070830"
      },
      {
        "model": "multichannel vpn router 300",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "viprinet europe",
        "version": "2013080900"
      },
      {
        "model": "europe multichannel vpn router",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "viprinet",
        "version": "300"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01187"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008187"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-369"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013080900:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013070830:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:viprinet:multichannel_vpn_router_300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2045"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tim Brown",
    "sources": [
      {
        "db": "BID",
        "id": "82583"
      },
      {
        "db": "PACKETSTORM",
        "id": "135613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-369"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2014-2045",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-2045",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-01187",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-69984",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2014-2045",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-2045",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-01187",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201602-369",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-69984",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01187"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008187"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-369"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool. ViprinetEuropeMultichannelVPNRouter300 is a multi-channel VPN router product from ViprinetEurope, Germany. A cross-site scripting vulnerability exists in ViprinetEuropeMultichannelVPNRouter300. An attacker could exploit this vulnerability to inject arbitrary web scripts or HTML. An HTML-injection vulnerability\n3. Multiple security-bypass vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and to launch other attacks, perform man-in-the-middle attacks and impersonate trusted servers or bypass certain security restrictions and perform unauthorized actions. This is a normal feature of many applications, however, in this instance the application failed to restrict the type of data that could be stored and also failed to sanitise it, meaning that it could not be safely rendered by the browser. \n\n\tStored cross-site scripting could be triggered by:\n\n\t\n\t\tAttempting to login with a username of `\u003cscript\u003ealert(1)\u003c/script\u003e\u2019 (affects `old\u2019 interface and results in post-authentication cross-site Scripting when a legitimate administrator views the realtime log)\n\t\tCreating an account with a username of `\u003cscript\u003ealert(1)\u003c/script\u003e\u2019 (affects both `old\u2019 and `new\u2019 interfaces once created)\n\t\tSetting the device\u2019s hostname to `\u003cscript\u003ealert(1)\u003c/script\u003e\u2019  (affects `old\u2019 interface once created)\n\t\n\n\tA number of locations were identified as being vulnerable to reflective attacks, including:\n\n\nhttp://\u003chost\u003e/exec?module=config\u0026sessionid=\u003csessionid\u003e\u0026inspect=%3Cscript%20src=http://localhost:9090%3E%3C/script%3E\nhttp://\u003chost\u003e/exec?tool=atcommands\u0026sessionid=\u003csessionid\u003e\u0026sourceobject=WANINTERFACELIST.OBJECT__0\u0026module=configtools\u0026commands=%3Cscript%3Ealert%281%29%3C%2Fscript%3E\nhttp://\u003chost\u003e/exec?tool=ping\u0026sessionid=\u003csessionid\u003e\u0026sourceobject=WANINTERFACELIST.OBJECT__0\u0026module=configtools\u0026host=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E\u0026pingcount=3\u0026databytes=56\n\n\n\tThe inclusion of session IDs in all URLs partially mitigates the reflective cross-site scripting but could itself be considered a vulnerability since it is included in referred headers and log files. \n\n\tThese are simply some examples of how this attack might be performed, and the it is believed that both the `old\u2019 and `new\u2019 web applications are systemically vulnerable to this. \n \n\n               \nFurther details at:\n\n https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/\n\n\n\nCopyright:\nCopyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited. \n\nDisclaimer:\nThe information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user\u0027s risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2045"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008187"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01187"
      },
      {
        "db": "BID",
        "id": "82583"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69984"
      },
      {
        "db": "PACKETSTORM",
        "id": "135613"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-69984",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69984"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-2045",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "135613",
        "trust": 1.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "39407",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "82583",
        "trust": 1.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008187",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01187",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-369",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-69984",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01187"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69984"
      },
      {
        "db": "BID",
        "id": "82583"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008187"
      },
      {
        "db": "PACKETSTORM",
        "id": "135613"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-369"
      }
    ]
  },
  "id": "VAR-201701-0533",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01187"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69984"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01187"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:20:10.949000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multichannel VPN Router 300/310",
        "trust": 0.8,
        "url": "https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310"
      },
      {
        "title": "Patch for ViprinetEuropeMultichannelVPNRouter300 Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/71678"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01187"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008187"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008187"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2045"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/"
      },
      {
        "trust": 2.0,
        "url": "http://seclists.org/fulldisclosure/2016/feb/8"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/39407/"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/135613/viprinet-multichannel-vpn-router-300-cross-site-scripting.html"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/82583"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/537441/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2045"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2045"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/537441/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310"
      },
      {
        "trust": 0.1,
        "url": "http://\u003chost\u003e/exec?tool=ping\u0026sessionid=\u003csessionid\u003e\u0026sourceobject=waninterfacelist.object__0\u0026module=configtools\u0026host=%22%3e%3cscript%3ealert%281%29%3c%2fscript%3e\u0026pingcount=3\u0026databytes=56"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2045"
      },
      {
        "trust": 0.1,
        "url": "http://\u003chost\u003e/exec?tool=atcommands\u0026sessionid=\u003csessionid\u003e\u0026sourceobject=waninterfacelist.object__0\u0026module=configtools\u0026commands=%3cscript%3ealert%281%29%3c%2fscript%3e"
      },
      {
        "trust": 0.1,
        "url": "http://\u003chost\u003e/exec?module=config\u0026sessionid=\u003csessionid\u003e\u0026inspect=%3cscript%20src=http://localhost:9090%3e%3c/script%3e"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01187"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69984"
      },
      {
        "db": "BID",
        "id": "82583"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008187"
      },
      {
        "db": "PACKETSTORM",
        "id": "135613"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-369"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01187"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69984"
      },
      {
        "db": "BID",
        "id": "82583"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008187"
      },
      {
        "db": "PACKETSTORM",
        "id": "135613"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-369"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-02-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-01187"
      },
      {
        "date": "2017-01-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69984"
      },
      {
        "date": "2016-02-03T00:00:00",
        "db": "BID",
        "id": "82583"
      },
      {
        "date": "2017-01-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008187"
      },
      {
        "date": "2016-02-05T19:02:22",
        "db": "PACKETSTORM",
        "id": "135613"
      },
      {
        "date": "2017-01-20T15:59:00.147000",
        "db": "NVD",
        "id": "CVE-2014-2045"
      },
      {
        "date": "2016-02-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-369"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-02-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-01187"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69984"
      },
      {
        "date": "2016-07-05T21:22:00",
        "db": "BID",
        "id": "82583"
      },
      {
        "date": "2017-01-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008187"
      },
      {
        "date": "2018-10-09T19:43:08.283000",
        "db": "NVD",
        "id": "CVE-2014-2045"
      },
      {
        "date": "2017-02-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-369"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-369"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Viprinet Europe Multichannel VPN Router 300 Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01187"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-369"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "135613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-369"
      }
    ],
    "trust": 0.7
  }
}

GSD-2014-2045

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-2045

Aliases

CVE-2014-2045

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-2045",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.",
    "id": "GSD-2014-2045",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2014-2045"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-2045"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.",
      "id": "GSD-2014-2045",
      "modified": "2023-12-13T01:22:46.857082Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-2045",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/",
            "refsource": "MISC",
            "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/"
          },
          {
            "name": "39407",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/39407/"
          },
          {
            "name": "20160203 Security Advisories",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/537441/100/0/threaded"
          },
          {
            "name": "http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html"
          },
          {
            "name": "20160203 Security Advisories",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2016/Feb/8"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013080900:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013070830:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:viprinet:multichannel_vpn_router_300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2045"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/"
            },
            {
              "name": "39407",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/39407/"
            },
            {
              "name": "20160203 Security Advisories",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Feb/8"
            },
            {
              "name": "http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html"
            },
            {
              "name": "20160203 Security Advisories",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/537441/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2018-10-09T19:43Z",
      "publishedDate": "2017-01-20T15:59Z"
    }
  }
}

GHSA-8MPF-JQGM-M3JG

Vulnerability from github – Published: 2022-05-14 02:53 – Updated: 2025-04-20 03:31

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-2045"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-20T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.",
  "id": "GHSA-8mpf-jqgm-m3jg",
  "modified": "2025-04-20T03:31:22Z",
  "published": "2022-05-14T02:53:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2045"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/39407"
    },
    {
      "type": "WEB",
      "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2016/Feb/8"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/537441/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2016-01187

Vulnerability from cnvd - Published: 2016-02-23

Title

Viprinet Europe Multichannel VPN Router 300跨站脚本漏洞

Description

Viprinet Europe Multichannel VPN Router 300是德国Viprinet Europe公司的一款多路VPN路由器产品。 Viprinet Europe Multichannel VPN Router 300中存在跨站脚本漏洞。攻击者可利用该漏洞注入任意Web脚本或HTML。

Severity

中

Patch Name

Viprinet Europe Multichannel VPN Router 300跨站脚本漏洞的补丁

Patch Description

Viprinet Europe Multichannel VPN Router 300是德国Viprinet Europe公司的一款多路VPN路由器产品。 Viprinet Europe Multichannel VPN Router 300中存在跨站脚本漏洞。攻击者可利用该漏洞注入任意Web脚本或HTML。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： https://www.viprinet.com/

Reference

http://www.securityfocus.com/bid/82583

Impacted products

Name
Viprinet Europe Multichannel VPN Router 300

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "82583"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-2045"
    }
  },
  "description": "Viprinet Europe Multichannel VPN Router 300\u662f\u5fb7\u56fdViprinet Europe\u516c\u53f8\u7684\u4e00\u6b3e\u591a\u8defVPN\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nViprinet Europe Multichannel VPN Router 300\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002",
  "discovererName": "Tim Brown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.viprinet.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01187",
  "openTime": "2016-02-23",
  "patchDescription": "Viprinet Europe Multichannel VPN Router 300\u662f\u5fb7\u56fdViprinet Europe\u516c\u53f8\u7684\u4e00\u6b3e\u591a\u8defVPN\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nViprinet Europe Multichannel VPN Router 300\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fWeb\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Viprinet Europe Multichannel VPN Router 300\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Viprinet Europe Multichannel VPN Router 300"
  },
  "referenceLink": "http://www.securityfocus.com/bid/82583",
  "serverity": "\u4e2d",
  "submitTime": "2016-02-22",
  "title": "Viprinet Europe Multichannel VPN Router 300\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CERTFR-2015-AVI-149

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Huawei. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Huawei SingleCLOUD versions antérieures à V100R005C00SPC300
N/A	N/A	Huawei GalaxEngine versions antérieures à V100R005C00SPC300
N/A	N/A	Huawei FusionCompute versions antérieures à V100R005C00SPC300

References

Title

Publication Time

Tags

Bulletin de sécurité Huawei Huawei-SA-20150327-01-Xen du 10 avril 2015	None	vendor-advisory
Bulletin de sécurité Huawei Huawei-SA-20150327-01-Xen du 10 avril 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Huawei SingleCLOUD versions ant\u00e9rieures \u00e0 V100R005C00SPC300",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Huawei GalaxEngine versions ant\u00e9rieures \u00e0 V100R005C00SPC300",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Huawei FusionCompute versions ant\u00e9rieures \u00e0 V100R005C00SPC300",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2045"
    },
    {
      "name": "CVE-2014-2045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2045"
    },
    {
      "name": "CVE-2015-2044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2044"
    },
    {
      "name": "CVE-2015-2150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2150"
    },
    {
      "name": "CVE-2014-2151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2151"
    },
    {
      "name": "CVE-2015-2151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2151"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20150327-01-Xen du 10    avril 2015",
      "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm"
    }
  ],
  "reference": "CERTFR-2015-AVI-149",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eHuawei\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Huawei",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20150327-01-Xen du 10 avril 2015",
      "url": null
    }
  ]
}

CERTFR-2015-AVI-149

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Huawei SingleCLOUD versions antérieures à V100R005C00SPC300
N/A	N/A	Huawei GalaxEngine versions antérieures à V100R005C00SPC300
N/A	N/A	Huawei FusionCompute versions antérieures à V100R005C00SPC300

References

Title

Publication Time

Tags

Bulletin de sécurité Huawei Huawei-SA-20150327-01-Xen du 10 avril 2015	None	vendor-advisory
Bulletin de sécurité Huawei Huawei-SA-20150327-01-Xen du 10 avril 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Huawei SingleCLOUD versions ant\u00e9rieures \u00e0 V100R005C00SPC300",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Huawei GalaxEngine versions ant\u00e9rieures \u00e0 V100R005C00SPC300",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Huawei FusionCompute versions ant\u00e9rieures \u00e0 V100R005C00SPC300",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2045"
    },
    {
      "name": "CVE-2014-2045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2045"
    },
    {
      "name": "CVE-2015-2044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2044"
    },
    {
      "name": "CVE-2015-2150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2150"
    },
    {
      "name": "CVE-2014-2151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2151"
    },
    {
      "name": "CVE-2015-2151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2151"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20150327-01-Xen du 10    avril 2015",
      "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm"
    }
  ],
  "reference": "CERTFR-2015-AVI-149",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eHuawei\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Huawei",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20150327-01-Xen du 10 avril 2015",
      "url": null
    }
  ]
}

FKIE_CVE-2014-2045

Vulnerability from fkie_nvd - Published: 2017-01-20 15:59 - Updated: 2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2016/Feb/8	Mailing List, Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/537441/100/0/threaded
cve@mitre.org	https://www.exploit-db.com/exploits/39407/	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2016/Feb/8	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/537441/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/39407/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
viprinet	multichannel_vpn_router_300_firmware	2013070830
viprinet	multichannel_vpn_router_300_firmware	2013080900
viprinet	multichannel_vpn_router_300	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013070830:*:*:*:*:*:*:*",
              "matchCriteriaId": "339FD28A-88C5-4C8F-8BFA-06AF6B3A207C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013080900:*:*:*:*:*:*:*",
              "matchCriteriaId": "178D8271-3C33-44A9-9820-F5A559A696F4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:viprinet:multichannel_vpn_router_300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9220DA03-6664-450A-A57A-DFB45A8B3938",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en las interfaces antigua y nueva en Viprinet Multichannel VPN Router 300 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del nombre de usuario cuando (1) inicia sesi\u00f3n o (2) se crea una nueva cuenta en la interfaz antigua, (3) nombre de usuario cuando crea una nueva cuenta en la interfaz nueva, (4) nombre de anfitri\u00f3n en la interfaz antig\u00fca, (5) inspeccionar el par\u00e1metro en el m\u00f3dulo de configuraci\u00f3n, (6) par\u00e1metro de comandos en la herramienta atcommands o (7) par\u00e1metro anfitri\u00f3n en la herramienta de ping."
    }
  ],
  "id": "CVE-2014-2045",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-20T15:59:00.147",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/Feb/8"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/537441/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39407/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/Feb/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/537441/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39407/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-2045 (GCVE-0-2014-2045)

VAR-201701-0533

GSD-2014-2045

GHSA-8MPF-JQGM-M3JG

CNVD-2016-01187

CERTFR-2015-AVI-149

Solution

CERTFR-2015-AVI-149

Solution

FKIE_CVE-2014-2045

Tags

Sightings

Nomenclature