CVE-2014-10025

Published: Jan 13, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi.

Affected (1)

Products: Dlink: Dap 1360 Firmware

1 product

Dap 1360 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dap 1360 Firmware	Up to 2.5.4

Running on/with	Platform Versions
Dlink Dap 1360	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://seclists.org/fulldisclosure/2014/Nov/19

Source: cve@mitre.org

Exploit

http://websecurity.com.ua/7179/

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2014/Nov/19

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://websecurity.com.ua/7179/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.