CVE-2014-10028

Name of the Vulnerable Software and Affected Versions D-Link DAP-1360 router versions 2.5.4 and later

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the res buf parameter to "index.cgi" when res config id is set to 41. This could potentially lead to unauthorized actions on the affected device.

Recommendations For D-Link DAP-1360 router versions 2.5.4 and later, avoid using the res buf parameter in the "index.cgi" endpoint until a fix is available. As a temporary workaround, consider restricting access to the "index.cgi" endpoint to minimize the risk of exploitation.