Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.1
CVSSv3

CVE-2014-2045

Published: 20/01/2017 Updated: 09/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Viprinet

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote malicious users to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

viprinet multichannel_vpn_router_300_firmware 2013080900

viprinet multichannel_vpn_router_300_firmware 2013070830

Exploits

Exploit DB: Viprinet Multichannel VPN Router 300 - Persistent Cross-Site Scripting
Vulnerability title: Multiple Instances Of Cross-site Scripting In Viprinet Multichannel VPN Router 300 CVE: CVE-2014-2045 Vendor: Viprinet Product: Multichannel VPN Router 300 Affected version: 2013070830/2013080900 Fixed version: 2014013131/2014020702 Reported by: Tim Brown Details: The data supplied to both the `old’ and `new’ web ap ...
Exploit DB: Viprinet Multichannel VPN Router 300 Cross Site Scripting
Viprinet Multichannel VPN Router 300 suffers from multiple cross site scripting vulnerabilities ...

References

CWE-79https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/https://www.exploit-db.com/exploits/39407/http://seclists.org/fulldisclosure/2016/Feb/8http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.htmlhttp://www.securityfocus.com/archive/1/537441/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/39407/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook