Lucene search

MitreCVE-2014-10025

HistoryJan 13, 2015 - 11:59 a.m.

CVE-2014-10025

2015-01-1311:59:32

CWE-352

mitre

web.nvd.nist.gov

cve-2014-10025

csrf

d-link dap-1360

firmware

security vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.002

Percentile

65.0%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi.

Affected configurations

Nvd

Node

dlinkdap-1360_firmwareRange≤2.5.4

AND

dlinkdap-1360Match-

VendorProductVersionCPE
dlinkdap-1360_firmware*cpe:2.3:o:dlink:dap-1360_firmware:*:*:*:*:*:*:*:*
dlinkdap-1360-cpe:2.3:h:dlink:dap-1360:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	dap-1360_firmware	*	cpe:2.3:o:dlink:dap-1360_firmware::::::::
dlink	dap-1360	-	cpe:2.3:h:dlink:dap-1360:-:::::::*

References

seclists.org/fulldisclosure/2014/Nov/19

websecurity.com.ua/7179/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.002

Percentile

65.0%

JSON

Related for CVE-2014-10025