CVE-2014-10025

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-10025
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://seclists.org/fulldisclosure/2014/Nov/19 Exploit
http://websecurity.com.ua/7179/ Exploit
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dap-1360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-1360:-:*:*:*:*:*:*:*
History

26 Apr 2023, 19:38

Type Values Removed Values Added
First Time Dlink
Dlink dap-1360
Dlink dap-1360 Firmware
CPE cpe:2.3:a:d-link:dap-1360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dap-1360:-:*:*:*:*:*:*:*		 cpe:2.3:h:dlink:dap-1360:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dap-1360_firmware:*:*:*:*:*:*:*:*
Information

Published : 2015-01-13 11:59

Updated : 2023-12-10 11:31

NVD link : CVE-2014-10025

Mitre link : CVE-2014-10025

CVE.ORG link : CVE-2014-10025

JSON object : View

Products Affected

dlink

  • dap-1360
  • dap-1360_firmware
CWE
CWE-352

Cross-Site Request Forgery (CSRF)