CVE-2014-10025
D-Link DAP-1360 Firmware < 2.5.4 - Cross-Site Request Forgery via index.cgi
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi.
References (2)
Core 2
Core References
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Nov/19
Exploit x_refsource_misc
http://websecurity.com.ua/7179/
Scores
EPSS
0.0044
EPSS Percentile
63.5%
Details
CWE
CWE-352
Status
published
Products (1)
dlink/dap-1360_firmware
< 2.5.4
Published
Jan 13, 2015
Tracked Since
Feb 18, 2026