CVE-2014-2045

MEDIUM

Viprinet Multichannel VPN Router 300 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2045. PoCs published by Portcullis.

AI-analyzed exploit summary The document describes multiple stored and reflected XSS vulnerabilities in Viprinet Multichannel VPN Router 300. It provides examples of attack vectors and affected interfaces without executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.

Exploits (1)

exploitdb WRITEUP

by Portcullis · textwebappshardware

https://www.exploit-db.com/exploits/39407

View Code ZIP pw:eip

The document describes multiple stored and reflected XSS vulnerabilities in Viprinet Multichannel VPN Router 300. It provides examples of attack vectors and affected interfaces without executable exploit code.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Viprinet Multichannel VPN Router 300 (versions 2013070830/2013080900)

Auth required

Prerequisites: Access to the web management interface · Valid session ID for reflected XSS

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39407/

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/537441/100/0/threaded

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2016/Feb/8

Scores

CVSS v3 6.1

EPSS 0.0449

EPSS Percentile 90.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

viprinet/multichannel_vpn_router_300_firmware 2013070830

viprinet/multichannel_vpn_router_300_firmware 2013080900

Published Jan 20, 2017

Tracked Since Feb 18, 2026