var-201701-0533
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool. ViprinetEuropeMultichannelVPNRouter300 is a multi-channel VPN router product from ViprinetEurope, Germany. A cross-site scripting vulnerability exists in ViprinetEuropeMultichannelVPNRouter300. An attacker could exploit this vulnerability to inject arbitrary web scripts or HTML. An HTML-injection vulnerability 3. Multiple security-bypass vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and to launch other attacks, perform man-in-the-middle attacks and impersonate trusted servers or bypass certain security restrictions and perform unauthorized actions. This is a normal feature of many applications, however, in this instance the application failed to restrict the type of data that could be stored and also failed to sanitise it, meaning that it could not be safely rendered by the browser.
Stored cross-site scripting could be triggered by:
Attempting to login with a username of `<script>alert(1)</script>’ (affects `old’ interface and results in post-authentication cross-site Scripting when a legitimate administrator views the realtime log)
Creating an account with a username of `<script>alert(1)</script>’ (affects both `old’ and `new’ interfaces once created)
Setting the device’s hostname to `<script>alert(1)</script>’ (affects `old’ interface once created)
A number of locations were identified as being vulnerable to reflective attacks, including:
http:///exec?module=config&sessionid=&inspect=%3Cscript%20src=http://localhost:9090%3E%3C/script%3E http:///exec?tool=atcommands&sessionid=&sourceobject=WANINTERFACELIST.OBJECT__0&module=configtools&commands=%3Cscript%3Ealert%281%29%3C%2Fscript%3E http:///exec?tool=ping&sessionid=&sourceobject=WANINTERFACELIST.OBJECT__0&module=configtools&host=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&pingcount=3&databytes=56
The inclusion of session IDs in all URLs partially mitigates the reflective cross-site scripting but could itself be considered a vulnerability since it is included in referred headers and log files.
These are simply some examples of how this attack might be performed, and the it is believed that both the `old’ and `new’ web applications are systemically vulnerable to this.
Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/
Copyright: Copyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited.
Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201701-0533",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "multichannel vpn router 300",
"scope": "eq",
"trust": 1.6,
"vendor": "viprinet",
"version": "2013070830"
},
{
"model": "multichannel vpn router 300",
"scope": "eq",
"trust": 1.6,
"vendor": "viprinet",
"version": "2013080900"
},
{
"model": "multichannel vpn router 300",
"scope": null,
"trust": 0.8,
"vendor": "viprinet europe",
"version": null
},
{
"model": "multichannel vpn router 300",
"scope": "eq",
"trust": 0.8,
"vendor": "viprinet europe",
"version": "2013070830"
},
{
"model": "multichannel vpn router 300",
"scope": "eq",
"trust": 0.8,
"vendor": "viprinet europe",
"version": "2013080900"
},
{
"model": "europe multichannel vpn router",
"scope": "eq",
"trust": 0.6,
"vendor": "viprinet",
"version": "300"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01187"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008187"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-369"
},
{
"db": "NVD",
"id": "CVE-2014-2045"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:viprinet:multichannel_vpn_router_300",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:viprinet:multichannel_vpn_router_300_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008187"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tim Brown",
"sources": [
{
"db": "BID",
"id": "82583"
},
{
"db": "PACKETSTORM",
"id": "135613"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-369"
}
],
"trust": 1.0
},
"cve": "CVE-2014-2045",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-2045",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-01187",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-69984",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2014-2045",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2045",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-2045",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-01187",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-369",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-69984",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01187"
},
{
"db": "VULHUB",
"id": "VHN-69984"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008187"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-369"
},
{
"db": "NVD",
"id": "CVE-2014-2045"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool. ViprinetEuropeMultichannelVPNRouter300 is a multi-channel VPN router product from ViprinetEurope, Germany. A cross-site scripting vulnerability exists in ViprinetEuropeMultichannelVPNRouter300. An attacker could exploit this vulnerability to inject arbitrary web scripts or HTML. An HTML-injection vulnerability\n3. Multiple security-bypass vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and to launch other attacks, perform man-in-the-middle attacks and impersonate trusted servers or bypass certain security restrictions and perform unauthorized actions. This is a normal feature of many applications, however, in this instance the application failed to restrict the type of data that could be stored and also failed to sanitise it, meaning that it could not be safely rendered by the browser. \n\n\tStored cross-site scripting could be triggered by:\n\n\t\n\t\tAttempting to login with a username of `\u003cscript\u003ealert(1)\u003c/script\u003e\u2019 (affects `old\u2019 interface and results in post-authentication cross-site Scripting when a legitimate administrator views the realtime log)\n\t\tCreating an account with a username of `\u003cscript\u003ealert(1)\u003c/script\u003e\u2019 (affects both `old\u2019 and `new\u2019 interfaces once created)\n\t\tSetting the device\u2019s hostname to `\u003cscript\u003ealert(1)\u003c/script\u003e\u2019 (affects `old\u2019 interface once created)\n\t\n\n\tA number of locations were identified as being vulnerable to reflective attacks, including:\n\n\nhttp://\u003chost\u003e/exec?module=config\u0026sessionid=\u003csessionid\u003e\u0026inspect=%3Cscript%20src=http://localhost:9090%3E%3C/script%3E\nhttp://\u003chost\u003e/exec?tool=atcommands\u0026sessionid=\u003csessionid\u003e\u0026sourceobject=WANINTERFACELIST.OBJECT__0\u0026module=configtools\u0026commands=%3Cscript%3Ealert%281%29%3C%2Fscript%3E\nhttp://\u003chost\u003e/exec?tool=ping\u0026sessionid=\u003csessionid\u003e\u0026sourceobject=WANINTERFACELIST.OBJECT__0\u0026module=configtools\u0026host=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E\u0026pingcount=3\u0026databytes=56\n\n\n\tThe inclusion of session IDs in all URLs partially mitigates the reflective cross-site scripting but could itself be considered a vulnerability since it is included in referred headers and log files. \n\n\tThese are simply some examples of how this attack might be performed, and the it is believed that both the `old\u2019 and `new\u2019 web applications are systemically vulnerable to this. \n \n\n \nFurther details at:\n\n https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/\n\n\n\nCopyright:\nCopyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited. \n\nDisclaimer:\nThe information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user\u0027s risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2045"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008187"
},
{
"db": "CNVD",
"id": "CNVD-2016-01187"
},
{
"db": "BID",
"id": "82583"
},
{
"db": "VULHUB",
"id": "VHN-69984"
},
{
"db": "PACKETSTORM",
"id": "135613"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-69984",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69984"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2045",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "135613",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "39407",
"trust": 1.7
},
{
"db": "BID",
"id": "82583",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008187",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-01187",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201602-369",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-69984",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01187"
},
{
"db": "VULHUB",
"id": "VHN-69984"
},
{
"db": "BID",
"id": "82583"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008187"
},
{
"db": "PACKETSTORM",
"id": "135613"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-369"
},
{
"db": "NVD",
"id": "CVE-2014-2045"
}
]
},
"id": "VAR-201701-0533",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01187"
},
{
"db": "VULHUB",
"id": "VHN-69984"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01187"
}
]
},
"last_update_date": "2024-11-23T22:18:08.091000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multichannel VPN Router 300/310",
"trust": 0.8,
"url": "https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310"
},
{
"title": "Patch for ViprinetEuropeMultichannelVPNRouter300 Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/71678"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01187"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008187"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69984"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008187"
},
{
"db": "NVD",
"id": "CVE-2014-2045"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2016/feb/8"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/39407/"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/135613/viprinet-multichannel-vpn-router-300-cross-site-scripting.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/82583"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/537441/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2045"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2045"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/537441/100/0/threaded"
},
{
"trust": 0.3,
"url": "https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310"
},
{
"trust": 0.1,
"url": "http://\u003chost\u003e/exec?tool=ping\u0026sessionid=\u003csessionid\u003e\u0026sourceobject=waninterfacelist.object__0\u0026module=configtools\u0026host=%22%3e%3cscript%3ealert%281%29%3c%2fscript%3e\u0026pingcount=3\u0026databytes=56"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-2045"
},
{
"trust": 0.1,
"url": "http://\u003chost\u003e/exec?tool=atcommands\u0026sessionid=\u003csessionid\u003e\u0026sourceobject=waninterfacelist.object__0\u0026module=configtools\u0026commands=%3cscript%3ealert%281%29%3c%2fscript%3e"
},
{
"trust": 0.1,
"url": "http://\u003chost\u003e/exec?module=config\u0026sessionid=\u003csessionid\u003e\u0026inspect=%3cscript%20src=http://localhost:9090%3e%3c/script%3e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01187"
},
{
"db": "VULHUB",
"id": "VHN-69984"
},
{
"db": "BID",
"id": "82583"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008187"
},
{
"db": "PACKETSTORM",
"id": "135613"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-369"
},
{
"db": "NVD",
"id": "CVE-2014-2045"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01187"
},
{
"db": "VULHUB",
"id": "VHN-69984"
},
{
"db": "BID",
"id": "82583"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008187"
},
{
"db": "PACKETSTORM",
"id": "135613"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-369"
},
{
"db": "NVD",
"id": "CVE-2014-2045"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01187"
},
{
"date": "2017-01-20T00:00:00",
"db": "VULHUB",
"id": "VHN-69984"
},
{
"date": "2016-02-03T00:00:00",
"db": "BID",
"id": "82583"
},
{
"date": "2017-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008187"
},
{
"date": "2016-02-05T19:02:22",
"db": "PACKETSTORM",
"id": "135613"
},
{
"date": "2016-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-369"
},
{
"date": "2017-01-20T15:59:00.147000",
"db": "NVD",
"id": "CVE-2014-2045"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01187"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-69984"
},
{
"date": "2016-07-05T21:22:00",
"db": "BID",
"id": "82583"
},
{
"date": "2017-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008187"
},
{
"date": "2017-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-369"
},
{
"date": "2024-11-21T02:05:31.613000",
"db": "NVD",
"id": "CVE-2014-2045"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-369"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Viprinet Europe Multichannel VPN Router 300 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01187"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-369"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "135613"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-369"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…