CVE-2014-3760

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-3760
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable the DMZ in the Firewall/DMZ section via a request to index.cgi or (3) add, (4) modify, or (5) delete URL-filter settings in the Control/URL-filter section via a request to index.cgi, as demonstrated by adding a rule that blocks access to google.com.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://seclists.org/fulldisclosure/2014/Apr/246 Exploit
http://websecurity.com.ua/7112 Exploit
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dap_1150_firmware:1.2.94:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap_1150:-:*:*:*:*:*:*:*
History

26 Apr 2023, 19:27

Type Values Removed Values Added
CPE cpe:2.3:h:d-link:dap_1150:-:*:*:*:*:*:*:*
cpe:2.3:o:d-link:dap_1150_firmware:1.2.94:*:*:*:*:*:*:*		 cpe:2.3:h:dlink:dap_1150:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dap_1150_firmware:1.2.94:*:*:*:*:*:*:*
Information

Published : 2014-05-16 14:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-3760

Mitre link : CVE-2014-3760

CVE.ORG link : CVE-2014-3760

JSON object : View

Products Affected

dlink

  • dap_1150
  • dap_1150_firmware
CWE
CWE-352

Cross-Site Request Forgery (CSRF)