PT-2015-3669 · D-Link · D-Link Dap-1360

Published 2015-01-13 · Updated 2023-04-26 · CVE-2014-10025

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1360 versions 2.5.4 and earlier

Description: The issue allows remote attackers to hijack the authentication of unspecified users for requests that change various settings, including Enable Wireless, MBSSID, BSSID, Hide Access Point, SSID, Country, Channel, Wireless mode, or Max Associated Clients, via a crafted request to "index.cgi".

Recommendations: For D-Link DAP-1360 versions 2.5.4 and earlier, as a temporary workaround, consider restricting access to the "index.cgi" endpoint until a patch is available.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2014-10025

Affected Products

D-Link Dap-1360