Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-10025

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-10025
Last Modified 13 Jan 2015 07:31:14
Published 13 Jan 2015 06:59:32
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-10025

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi.

Vulnerable Systems

Application

  • D-link Dap-1360 Firmware 2.5.4


References

MISC - http://websecurity.com.ua/7179/

FULLDISC - 20141109 IL and CSRF vulnerabilities in D-Link DAP-1360


Last Updated: 27 May 2016 11:07:31