CVE-2014-10025
 
Public Exploits: 2
Exploited in Wild: -
Descriptions
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi.
SSVC
- Decision: -
Timeline
- 2015-01-13 CVE Reserved
- 2015-01-13 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
References (2)
URL | Date | SRC |
---|---|---|
http://seclists.org/fulldisclosure/2014/Nov/19 | 2024-09-16 | |
http://websecurity.com.ua/7179 | 2024-09-16 | |
Affected Vendors, Products, and Versions
| | Vendor | Product | Version | Other | Status |
|---|---|---|---|---|---|
| | Dlink | Dap-1360 Firmware | <= 2.5.4 | - | Affected |
| in | Dlink | Dap-1360 | - | - | Safe |