CVE-2014-3760

Name of the Vulnerable Software and Affected Versions D-Link DAP 1150 version 1.2.94

Description The issue allows remote attackers to hijack the authentication of administrators for various requests, including enabling or disabling the DMZ in the Firewall/DMZ section via a request to "index.cgi", and adding, modifying, or deleting URL-filter settings in the Control/URL-filter section via a request to "index.cgi". For example, an attacker could add a rule that blocks access to google.com.

Recommendations For D-Link DAP 1150 version 1.2.94, consider disabling access to the "index.cgi" endpoint until a patch is available to prevent exploitation of the CSRF vulnerabilities. Restrict access to the Firewall/DMZ and Control/URL-filter sections to minimize the risk of unauthorized changes. Avoid using the vulnerable firmware version until an update is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.