CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2014-10026
https://notcve.org/view.php?id=CVE-2014-10026
13 Jan 2015 — index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. index.cgi en D-Link DAP-1360 con firmware 2.5.4 y anteriores permite a atacantes remotos evadir la autenticación y obtener información sensible mediante la configuración de la cookie client_login en admin. • http://seclists.org/fulldisclosure/2014/Nov/19 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2014-10028
https://notcve.org/view.php?id=CVE-2014-10028
13 Jan 2015 — Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41. Vulnerabilidad de XSS en el router D-Link DAP-1360 con firmware 2.5.4 y posteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro res_buf parameter en index.cgi cuando res_config_id está configurado a 41. • http://seclists.org/fulldisclosure/2014/Nov/100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •