CVE-2014-1405
Conceptronic C54APM Firmware 1.26 - Open Redirect via submit-url or wlan-url Parameter
Title source: llmDescription
Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101916
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101917
Scores
EPSS
0.0117
EPSS Percentile
63.6%
Details
CWE
CWE-20
Status
published
Products (2)
conceptronic/c54apm
v2
conceptronic/c54apm_firmware
1.26
Published
Jan 10, 2014
Tracked Since
Feb 18, 2026