These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2014-9755 affects Viprinet MultichannelVPN Router 300 firmware versions 2013070830 and 2013080900. The hardware VPN client does not validate the remote VPN endpoint’s identity by checking the endpoint SSL key before starting the exchange, which can allow a remote attacker to replay traffic or session material. The NVD record maps the issue to CWE-20 (Improper Input Validation) and rates it HIGH. Publi [truncated]
CVE-2014-9754 is a medium-severity issue in the hardware VPN client for Viprinet MultichannelVPN Router 300 firmware 2013070830 and 2013080900. The client may begin the VPN exchange without validating the remote endpoint’s SSL key, which can allow a man-in-the-middle attack against the VPN setup.
CVE-2014-2045 describes multiple cross-site scripting (XSS) flaws in the Viprinet Multichannel VPN Router 300 web interfaces. The issue spans several user-controlled fields in both the old and new management UI and can let attacker-supplied script or HTML run in an administrator’s browser when a page is rendered.