exploitDog

CVE-2014-10025

Опубликовано: 13 янв. 2015

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi.

Ссылки

http://seclists.org/fulldisclosure/2014/Nov/19
Exploit
http://websecurity.com.ua/7179/
Exploit
http://seclists.org/fulldisclosure/2014/Nov/19
Exploit
http://websecurity.com.ua/7179/
Exploit

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dap-1360_firmware:*:*:*:*:*:*:*:*

Версия до 2.5.4 (включая)

cpe:2.3:h:dlink:dap-1360:-:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00442

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-q8hg-956x-hjqc

github

больше 3 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi.

EPSS

Процентиль: 63%

0.00442

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352