5 results (0.009 seconds)

CVSS: 5.3EPSS: 0%CPEs: 88EXPL: 1

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/999zzzzz/D-Link https://vuldb.com/?ctiid.251542 https://vuldb.com/?id.251542 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 2

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi. Múltiples vulnerabilidades de CSRF en el router D-Link DAP-1360 con firmware 2.5.4 y anteruiores permiten a atacantes remotos secuestrar la autenticación de usuarios no especificados para solicitudes que (1) cambian el modo de restricción del filtro MAC, (2) añaden una dirección MAC al filtro, o (3) eliminan una dirección MAC del filtro a través de una solicitud manipulada a index.cgi. • http://seclists.org/fulldisclosure/2014/Nov/100 http://websecurity.com.ua/7215 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2

Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41. Vulnerabilidad de XSS en el router D-Link DAP-1360 con firmware 2.5.4 y posteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro res_buf parameter en index.cgi cuando res_config_id está configurado a 41. • http://seclists.org/fulldisclosure/2014/Nov/100 http://websecurity.com.ua/7215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 2

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi. Múltiples vulnerabilidades de CSRF en D-Link DAP-1360 con firmware 2.5.4 y anteriores permiten a atacantes remotos secuestrar la autenticación de usuarios no especificados para solicitudes que cambian la configuración (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, o (9) Max Associated Clients a través de una solicitud manipulada a index.cgi. • http://seclists.org/fulldisclosure/2014/Nov/19 http://websecurity.com.ua/7179 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2

index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin. index.cgi en D-Link DAP-1360 con firmware 2.5.4 y anteriores permite a atacantes remotos evadir la autenticación y obtener información sensible mediante la configuración de la cookie client_login en admin. • http://seclists.org/fulldisclosure/2014/Nov/19 http://websecurity.com.ua/7179 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •