Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities by viprinet

    VAR-201701-0628

    Vulnerability from variot - Updated: 2023-12-18 12:20

    The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack. ViprinetEuropeMultichannelVPNRouter300 is a multi-channel VPN router product from ViprinetEurope, Germany. A security vulnerability exists in ViprinetEuropeMultichannelVPNRouter300. An attacker could exploit the vulnerability to implement a protocol downgrade attack. Multiple cross-site scripting vulnerabilities 2. Multiple security-bypass vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and to launch other attacks, perform man-in-the-middle attacks and impersonate trusted servers or bypass certain security restrictions and perform unauthorized actions.

    In this example, we perform a downgrade attack from protocol version 3 to protocol version 2, however as noted in the impact, version 3 of the protocol is similarly affected.
    
    Note: MITRE have assigned CVE-2014-9754 to reference the missing certificate validation and CVE-2014-9755 to reference the protocol downgrade attack.
    

    Further details at: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-9754-cve-2014-9755/

    Copyright: Copyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited.

    Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0628",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "multichannel vpn router 300",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "viprinet",
            "version": "2013070830"
          },
          {
            "model": "multichannel vpn router 300",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "viprinet",
            "version": "2013080900"
          },
          {
            "model": "multichannel vpn router 300",
            "scope": null,
            "trust": 0.8,
            "vendor": "viprinet europe",
            "version": null
          },
          {
            "model": "multichannel vpn router 300",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "viprinet europe",
            "version": "2013070830"
          },
          {
            "model": "multichannel vpn router 300",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "viprinet europe",
            "version": "2013080900"
          },
          {
            "model": "europe multichannel vpn router",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "viprinet",
            "version": "300"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01189"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008189"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9755"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-367"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013080900:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013070830:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:viprinet:multichannel_vpn_router_300:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-9755"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tim Brown",
        "sources": [
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "PACKETSTORM",
            "id": "135614"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-367"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2014-9755",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2014-9755",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2016-01189",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-77700",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2014-9755",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-9755",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-01189",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201602-367",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-77700",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01189"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77700"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008189"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9755"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-367"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint\u0027s SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack. ViprinetEuropeMultichannelVPNRouter300 is a multi-channel VPN router product from ViprinetEurope, Germany. A security vulnerability exists in ViprinetEuropeMultichannelVPNRouter300. An attacker could exploit the vulnerability to implement a protocol downgrade attack. Multiple cross-site scripting vulnerabilities\n2. Multiple security-bypass vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and to launch other attacks, perform man-in-the-middle attacks and impersonate trusted servers or bypass certain security restrictions and perform unauthorized actions. \n\n\tIn this example, we perform a downgrade attack from protocol version 3 to protocol version 2, however as noted in the impact, version 3 of the protocol is similarly affected. \n\n\tNote: MITRE have assigned CVE-2014-9754 to reference the missing certificate validation and CVE-2014-9755 to reference the protocol downgrade attack. \n \n\n      \nFurther details at: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-9754-cve-2014-9755/\n\nCopyright:\nCopyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited. \n\nDisclaimer:\nThe information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user\u0027s risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-9755"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008189"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01189"
          },
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77700"
          },
          {
            "db": "PACKETSTORM",
            "id": "135614"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-9755",
            "trust": 3.5
          },
          {
            "db": "PACKETSTORM",
            "id": "135614",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "82583",
            "trust": 1.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008189",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-367",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01189",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-77700",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01189"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77700"
          },
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008189"
          },
          {
            "db": "PACKETSTORM",
            "id": "135614"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9755"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-367"
          }
        ]
      },
      "id": "VAR-201701-0628",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01189"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77700"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01189"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:20:10.985000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Multichannel VPN Router 300/310",
            "trust": 0.8,
            "url": "https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310"
          },
          {
            "title": "ViprinetEuropeMultichannelVPNRouter300 protocol downgrade vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/71680"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01189"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008189"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-77700"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008189"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9755"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://seclists.org/fulldisclosure/2016/feb/8"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/135614/viprinet-multichannel-vpn-router-300-identity-verification-fail.html"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/82583"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/537441/100/0/threaded"
          },
          {
            "trust": 0.9,
            "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-9754-cve-2014-9755/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9755"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9755"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/537441/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9755"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9754"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01189"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77700"
          },
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008189"
          },
          {
            "db": "PACKETSTORM",
            "id": "135614"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9755"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-367"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01189"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77700"
          },
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008189"
          },
          {
            "db": "PACKETSTORM",
            "id": "135614"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9755"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-367"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-02-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01189"
          },
          {
            "date": "2017-01-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-77700"
          },
          {
            "date": "2016-02-03T00:00:00",
            "db": "BID",
            "id": "82583"
          },
          {
            "date": "2017-01-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008189"
          },
          {
            "date": "2016-02-05T16:22:22",
            "db": "PACKETSTORM",
            "id": "135614"
          },
          {
            "date": "2017-01-20T15:59:00.240000",
            "db": "NVD",
            "id": "CVE-2014-9755"
          },
          {
            "date": "2016-02-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201602-367"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-02-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01189"
          },
          {
            "date": "2018-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-77700"
          },
          {
            "date": "2016-07-05T21:22:00",
            "db": "BID",
            "id": "82583"
          },
          {
            "date": "2017-01-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008189"
          },
          {
            "date": "2018-10-09T19:55:13.060000",
            "db": "NVD",
            "id": "CVE-2014-9755"
          },
          {
            "date": "2017-02-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201602-367"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "135614"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-367"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Viprinet Multichannel VPN Router 300 Hardware  VPN Vulnerability to perform replay attacks on clients",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008189"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-367"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201701-0533

    Vulnerability from variot - Updated: 2023-12-18 12:20

    Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool. ViprinetEuropeMultichannelVPNRouter300 is a multi-channel VPN router product from ViprinetEurope, Germany. A cross-site scripting vulnerability exists in ViprinetEuropeMultichannelVPNRouter300. An attacker could exploit this vulnerability to inject arbitrary web scripts or HTML. An HTML-injection vulnerability 3. Multiple security-bypass vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and to launch other attacks, perform man-in-the-middle attacks and impersonate trusted servers or bypass certain security restrictions and perform unauthorized actions. This is a normal feature of many applications, however, in this instance the application failed to restrict the type of data that could be stored and also failed to sanitise it, meaning that it could not be safely rendered by the browser.

    Stored cross-site scripting could be triggered by:
    
    
        Attempting to login with a username of `<script>alert(1)</script>’ (affects `old’ interface and results in post-authentication cross-site Scripting when a legitimate administrator views the realtime log)
        Creating an account with a username of `<script>alert(1)</script>’ (affects both `old’ and `new’ interfaces once created)
        Setting the device’s hostname to `<script>alert(1)</script>’  (affects `old’ interface once created)
    
    
    A number of locations were identified as being vulnerable to reflective attacks, including:
    

    http:///exec?module=config&sessionid=&inspect=%3Cscript%20src=http://localhost:9090%3E%3C/script%3E http:///exec?tool=atcommands&sessionid=&sourceobject=WANINTERFACELIST.OBJECT__0&module=configtools&commands=%3Cscript%3Ealert%281%29%3C%2Fscript%3E http:///exec?tool=ping&sessionid=&sourceobject=WANINTERFACELIST.OBJECT__0&module=configtools&host=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&pingcount=3&databytes=56

    The inclusion of session IDs in all URLs partially mitigates the reflective cross-site scripting but could itself be considered a vulnerability since it is included in referred headers and log files.
    
    These are simply some examples of how this attack might be performed, and the it is believed that both the `old’ and `new’ web applications are systemically vulnerable to this.
    

    Further details at:

    https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/

    Copyright: Copyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited.

    Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0533",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "multichannel vpn router 300",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "viprinet",
            "version": "2013070830"
          },
          {
            "model": "multichannel vpn router 300",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "viprinet",
            "version": "2013080900"
          },
          {
            "model": "multichannel vpn router 300",
            "scope": null,
            "trust": 0.8,
            "vendor": "viprinet europe",
            "version": null
          },
          {
            "model": "multichannel vpn router 300",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "viprinet europe",
            "version": "2013070830"
          },
          {
            "model": "multichannel vpn router 300",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "viprinet europe",
            "version": "2013080900"
          },
          {
            "model": "europe multichannel vpn router",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "viprinet",
            "version": "300"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01187"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008187"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-369"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013080900:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013070830:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:viprinet:multichannel_vpn_router_300:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2045"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tim Brown",
        "sources": [
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "PACKETSTORM",
            "id": "135613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-369"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2014-2045",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2014-2045",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2016-01187",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-69984",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2014-2045",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-2045",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-01187",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201602-369",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-69984",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01187"
          },
          {
            "db": "VULHUB",
            "id": "VHN-69984"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008187"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-369"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool. ViprinetEuropeMultichannelVPNRouter300 is a multi-channel VPN router product from ViprinetEurope, Germany. A cross-site scripting vulnerability exists in ViprinetEuropeMultichannelVPNRouter300. An attacker could exploit this vulnerability to inject arbitrary web scripts or HTML. An HTML-injection vulnerability\n3. Multiple security-bypass vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and to launch other attacks, perform man-in-the-middle attacks and impersonate trusted servers or bypass certain security restrictions and perform unauthorized actions. This is a normal feature of many applications, however, in this instance the application failed to restrict the type of data that could be stored and also failed to sanitise it, meaning that it could not be safely rendered by the browser. \n\n\tStored cross-site scripting could be triggered by:\n\n\t\n\t\tAttempting to login with a username of `\u003cscript\u003ealert(1)\u003c/script\u003e\u2019 (affects `old\u2019 interface and results in post-authentication cross-site Scripting when a legitimate administrator views the realtime log)\n\t\tCreating an account with a username of `\u003cscript\u003ealert(1)\u003c/script\u003e\u2019 (affects both `old\u2019 and `new\u2019 interfaces once created)\n\t\tSetting the device\u2019s hostname to `\u003cscript\u003ealert(1)\u003c/script\u003e\u2019  (affects `old\u2019 interface once created)\n\t\n\n\tA number of locations were identified as being vulnerable to reflective attacks, including:\n\n\nhttp://\u003chost\u003e/exec?module=config\u0026sessionid=\u003csessionid\u003e\u0026inspect=%3Cscript%20src=http://localhost:9090%3E%3C/script%3E\nhttp://\u003chost\u003e/exec?tool=atcommands\u0026sessionid=\u003csessionid\u003e\u0026sourceobject=WANINTERFACELIST.OBJECT__0\u0026module=configtools\u0026commands=%3Cscript%3Ealert%281%29%3C%2Fscript%3E\nhttp://\u003chost\u003e/exec?tool=ping\u0026sessionid=\u003csessionid\u003e\u0026sourceobject=WANINTERFACELIST.OBJECT__0\u0026module=configtools\u0026host=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E\u0026pingcount=3\u0026databytes=56\n\n\n\tThe inclusion of session IDs in all URLs partially mitigates the reflective cross-site scripting but could itself be considered a vulnerability since it is included in referred headers and log files. \n\n\tThese are simply some examples of how this attack might be performed, and the it is believed that both the `old\u2019 and `new\u2019 web applications are systemically vulnerable to this. \n \n\n               \nFurther details at:\n\n https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/\n\n\n\nCopyright:\nCopyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited. \n\nDisclaimer:\nThe information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user\u0027s risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-2045"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008187"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01187"
          },
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "VULHUB",
            "id": "VHN-69984"
          },
          {
            "db": "PACKETSTORM",
            "id": "135613"
          }
        ],
        "trust": 2.61
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-69984",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-69984"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-2045",
            "trust": 3.5
          },
          {
            "db": "PACKETSTORM",
            "id": "135613",
            "trust": 1.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "39407",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "82583",
            "trust": 1.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008187",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01187",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-369",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-69984",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01187"
          },
          {
            "db": "VULHUB",
            "id": "VHN-69984"
          },
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008187"
          },
          {
            "db": "PACKETSTORM",
            "id": "135613"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-369"
          }
        ]
      },
      "id": "VAR-201701-0533",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01187"
          },
          {
            "db": "VULHUB",
            "id": "VHN-69984"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01187"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:20:10.949000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Multichannel VPN Router 300/310",
            "trust": 0.8,
            "url": "https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310"
          },
          {
            "title": "Patch for ViprinetEuropeMultichannelVPNRouter300 Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/71678"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01187"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008187"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-69984"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008187"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2045"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/"
          },
          {
            "trust": 2.0,
            "url": "http://seclists.org/fulldisclosure/2016/feb/8"
          },
          {
            "trust": 1.7,
            "url": "https://www.exploit-db.com/exploits/39407/"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/135613/viprinet-multichannel-vpn-router-300-cross-site-scripting.html"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/82583"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/537441/100/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2045"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2045"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/537441/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310"
          },
          {
            "trust": 0.1,
            "url": "http://\u003chost\u003e/exec?tool=ping\u0026sessionid=\u003csessionid\u003e\u0026sourceobject=waninterfacelist.object__0\u0026module=configtools\u0026host=%22%3e%3cscript%3ealert%281%29%3c%2fscript%3e\u0026pingcount=3\u0026databytes=56"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2045"
          },
          {
            "trust": 0.1,
            "url": "http://\u003chost\u003e/exec?tool=atcommands\u0026sessionid=\u003csessionid\u003e\u0026sourceobject=waninterfacelist.object__0\u0026module=configtools\u0026commands=%3cscript%3ealert%281%29%3c%2fscript%3e"
          },
          {
            "trust": 0.1,
            "url": "http://\u003chost\u003e/exec?module=config\u0026sessionid=\u003csessionid\u003e\u0026inspect=%3cscript%20src=http://localhost:9090%3e%3c/script%3e"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01187"
          },
          {
            "db": "VULHUB",
            "id": "VHN-69984"
          },
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008187"
          },
          {
            "db": "PACKETSTORM",
            "id": "135613"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-369"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01187"
          },
          {
            "db": "VULHUB",
            "id": "VHN-69984"
          },
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008187"
          },
          {
            "db": "PACKETSTORM",
            "id": "135613"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-2045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-369"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-02-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01187"
          },
          {
            "date": "2017-01-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-69984"
          },
          {
            "date": "2016-02-03T00:00:00",
            "db": "BID",
            "id": "82583"
          },
          {
            "date": "2017-01-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008187"
          },
          {
            "date": "2016-02-05T19:02:22",
            "db": "PACKETSTORM",
            "id": "135613"
          },
          {
            "date": "2017-01-20T15:59:00.147000",
            "db": "NVD",
            "id": "CVE-2014-2045"
          },
          {
            "date": "2016-02-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201602-369"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-02-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01187"
          },
          {
            "date": "2018-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-69984"
          },
          {
            "date": "2016-07-05T21:22:00",
            "db": "BID",
            "id": "82583"
          },
          {
            "date": "2017-01-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008187"
          },
          {
            "date": "2018-10-09T19:43:08.283000",
            "db": "NVD",
            "id": "CVE-2014-2045"
          },
          {
            "date": "2017-02-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201602-369"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-369"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Viprinet Europe Multichannel VPN Router 300 Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01187"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-369"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xss",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "135613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-369"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201701-0627

    Vulnerability from variot - Updated: 2023-12-18 12:20

    The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. ViprinetEuropeMultichannelVPNRouter300 is a multi-channel VPN router product from ViprinetEurope, Germany. A security vulnerability exists in ViprinetEuropeMultichannelVPNRouter300 that caused the program to fail to validate the certificate. An attacker could exploit the vulnerability to perform a man-in-the-middle attack and impersonate a trusted server. Multiple cross-site scripting vulnerabilities 2. An HTML-injection vulnerability 3. Multiple security-bypass vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and to launch other attacks, perform man-in-the-middle attacks and impersonate trusted servers or bypass certain security restrictions and perform unauthorized actions.

    In this example, we perform a downgrade attack from protocol version 3 to protocol version 2, however as noted in the impact, version 3 of the protocol is similarly affected.
    
    Note: MITRE have assigned CVE-2014-9754 to reference the missing certificate validation and CVE-2014-9755 to reference the protocol downgrade attack.
    

    Further details at: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-9754-cve-2014-9755/

    Copyright: Copyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited.

    Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0627",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "multichannel vpn router 300",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "viprinet",
            "version": "2013070830"
          },
          {
            "model": "multichannel vpn router 300",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "viprinet",
            "version": "2013080900"
          },
          {
            "model": "multichannel vpn router 300",
            "scope": null,
            "trust": 0.8,
            "vendor": "viprinet europe",
            "version": null
          },
          {
            "model": "multichannel vpn router 300",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "viprinet europe",
            "version": "2013070830"
          },
          {
            "model": "multichannel vpn router 300",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "viprinet europe",
            "version": "2013080900"
          },
          {
            "model": "europe multichannel vpn router",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "viprinet",
            "version": "300"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008188"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9754"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-368"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013080900:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013070830:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:viprinet:multichannel_vpn_router_300:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-9754"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tim Brown",
        "sources": [
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "PACKETSTORM",
            "id": "135614"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-368"
          }
        ],
        "trust": 1.0
      },
      "cve": "CVE-2014-9754",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2014-9754",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2016-01188",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-77699",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.2,
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2014-9754",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-9754",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-01188",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201602-368",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-77699",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01188"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008188"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9754"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-368"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint\u0027s SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. ViprinetEuropeMultichannelVPNRouter300 is a multi-channel VPN router product from ViprinetEurope, Germany. A security vulnerability exists in ViprinetEuropeMultichannelVPNRouter300 that caused the program to fail to validate the certificate. An attacker could exploit the vulnerability to perform a man-in-the-middle attack and impersonate a trusted server. Multiple cross-site scripting vulnerabilities\n2. An HTML-injection vulnerability\n3. Multiple security-bypass vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and to launch other attacks, perform man-in-the-middle attacks and impersonate trusted servers or bypass certain security restrictions and perform unauthorized actions. \n\n\tIn this example, we perform a downgrade attack from protocol version 3 to protocol version 2, however as noted in the impact, version 3 of the protocol is similarly affected. \n\n\tNote: MITRE have assigned CVE-2014-9754 to reference the missing certificate validation and CVE-2014-9755 to reference the protocol downgrade attack. \n \n\n      \nFurther details at: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-9754-cve-2014-9755/\n\nCopyright:\nCopyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited. \n\nDisclaimer:\nThe information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user\u0027s risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-9754"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008188"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01188"
          },
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77699"
          },
          {
            "db": "PACKETSTORM",
            "id": "135614"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-9754",
            "trust": 3.5
          },
          {
            "db": "PACKETSTORM",
            "id": "135614",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "82583",
            "trust": 1.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008188",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-01188",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-368",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-77699",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01188"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77699"
          },
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008188"
          },
          {
            "db": "PACKETSTORM",
            "id": "135614"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9754"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-368"
          }
        ]
      },
      "id": "VAR-201701-0627",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01188"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77699"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01188"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:20:10.911000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Multichannel VPN Router 300/310",
            "trust": 0.8,
            "url": "https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310"
          },
          {
            "title": "ViprinetEuropeMultichannelVPNRouter300 man-in-the-middle attack vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/71679"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008188"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-77699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008188"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9754"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://seclists.org/fulldisclosure/2016/feb/8"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/135614/viprinet-multichannel-vpn-router-300-identity-verification-fail.html"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/82583"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/archive/1/537441/100/0/threaded"
          },
          {
            "trust": 0.9,
            "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-9754-cve-2014-9755/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9754"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9754"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/537441/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9755"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9754"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01188"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77699"
          },
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008188"
          },
          {
            "db": "PACKETSTORM",
            "id": "135614"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9754"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-368"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-01188"
          },
          {
            "db": "VULHUB",
            "id": "VHN-77699"
          },
          {
            "db": "BID",
            "id": "82583"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008188"
          },
          {
            "db": "PACKETSTORM",
            "id": "135614"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9754"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-368"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-02-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01188"
          },
          {
            "date": "2017-01-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-77699"
          },
          {
            "date": "2016-02-03T00:00:00",
            "db": "BID",
            "id": "82583"
          },
          {
            "date": "2017-01-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008188"
          },
          {
            "date": "2016-02-05T16:22:22",
            "db": "PACKETSTORM",
            "id": "135614"
          },
          {
            "date": "2017-01-20T15:59:00.193000",
            "db": "NVD",
            "id": "CVE-2014-9754"
          },
          {
            "date": "2016-02-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201602-368"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-02-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-01188"
          },
          {
            "date": "2018-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-77699"
          },
          {
            "date": "2016-07-05T21:22:00",
            "db": "BID",
            "id": "82583"
          },
          {
            "date": "2017-01-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008188"
          },
          {
            "date": "2018-10-09T19:55:12.827000",
            "db": "NVD",
            "id": "CVE-2014-9754"
          },
          {
            "date": "2017-02-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201602-368"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "135614"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-368"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Viprinet Multichannel VPN Router 300 Hardware  VPN Man-in-the-middle vulnerability in a client",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008188"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201602-368"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201810-1609

    Vulnerability from variot - Updated: 2022-05-04 10:22

    ViprinetVPNHubRouter is a multi-channel VPN router product from ViprinetEurope, Germany. ViprinetVPNHubRouter has a cross-site scripting vulnerability that stems from the lack of input validation and output escaping mechanisms on the CLI interface. By exploiting this vulnerability, an attacker can obtain sensitive information (for example, a private key) or modify the SSL certificate fingerprint of a remote router used in a VPN tunnel.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-1609",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "europe vpn hub router",
            "scope": null,
            "trust": 0.6,
            "vendor": "viprinet",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21468"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2018-21468",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2018-21468",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21468"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ViprinetVPNHubRouter is a multi-channel VPN router product from ViprinetEurope, Germany. ViprinetVPNHubRouter has a cross-site scripting vulnerability that stems from the lack of input validation and output escaping mechanisms on the CLI interface. By exploiting this vulnerability, an attacker can obtain sensitive information (for example, a private key) or modify the SSL certificate fingerprint of a remote router used in a VPN tunnel.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21468"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21468",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21468"
          }
        ]
      },
      "id": "VAR-201810-1609",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21468"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21468"
          }
        ]
      },
      "last_update_date": "2022-05-04T10:22:13.542000Z",
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 0.6,
            "url": "https://seclists.org/fulldisclosure/2018/oct/41"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21468"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21468"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21468"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21468"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Viprinet VPN Hub Router Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21468"
          }
        ],
        "trust": 0.6
      }
    }