CVE-2014-10027

Name of the Vulnerable Software and Affected Versions D-Link DAP-1360 router versions 2.5.4 and earlier

Description The issue allows remote attackers to hijack the authentication of unspecified users for requests, including changing the MAC filter restrict mode, adding a MAC address to the filter, or removing a MAC address from the filter via a crafted request to "index.cgi".

Recommendations For D-Link DAP-1360 router versions 2.5.4 and earlier, consider disabling access to the "index.cgi" endpoint until a patch is available. Restrict access to the MAC filter configuration to minimize the risk of exploitation. Avoid using the MAC filter functionality in the affected firmware versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.