CVE-2014-10026

Name of the Vulnerable Software and Affected Versions D-Link DAP-1360 versions 2.5.4 and earlier

Description The issue allows remote attackers to bypass authentication and obtain sensitive information. This is achieved by setting the client login cookie to admin.

Recommendations For D-Link DAP-1360 versions 2.5.4 and earlier, consider updating the firmware to a version later than 2.5.4 as a permanent solution. As a temporary workaround, restrict access to the index.cgi page to minimize the risk of exploitation. Avoid using the client login cookie with the value admin in the index.cgi page until the issue is resolved.