CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 2CVE-2014-10025
https://notcve.org/view.php?id=CVE-2014-10025
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi. Múltiples vulnerabilidades de CSRF en D-Link DAP-1360 con firmware 2.5.4 y anteriores permiten a atacantes remotos secuestrar la autenticación de usuarios no especificados para solicitudes que cambian la configuración (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, o (9) Max Associated Clients a través de una solicitud manipulada a index.cgi. • http://seclists.org/fulldisclosure/2014/Nov/19 http://websecurity.com.ua/7179 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2014-10026
https://notcve.org/view.php?id=CVE-2014-10026
index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. index.cgi en D-Link DAP-1360 con firmware 2.5.4 y anteriores permite a atacantes remotos evadir la autenticación y obtener información sensible mediante la configuración de la cookie client_login en admin. • http://seclists.org/fulldisclosure/2014/Nov/19 http://websecurity.com.ua/7179 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •