Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2014/Nov/19 | Exploit |
http://websecurity.com.ua/7179/ | Exploit |
http://seclists.org/fulldisclosure/2014/Nov/19 | Exploit |
http://websecurity.com.ua/7179/ | Exploit |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 02:03
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2014/Nov/19 - Exploit | |
References | () http://websecurity.com.ua/7179/ - Exploit |
26 Apr 2023, 19:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:d-link:dap-1360_firmware:*:*:*:*:*:*:*:* |
cpe:2.3:h:dlink:dap-1360:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dap-1360_firmware:*:*:*:*:*:*:*:* |
Information
Published : 2015-01-13 11:59
Updated : 2024-11-21 02:03
NVD link : CVE-2014-10025
Mitre link : CVE-2014-10025
CVE.ORG link : CVE-2014-10025
JSON object : View
Products Affected
dlink
- dap-1360
- dap-1360_firmware
CWE
CWE-352
Cross-Site Request Forgery (CSRF)