Lucene search

MitreCVE-2014-10028

HistoryJan 13, 2015 - 11:59 a.m.

CVE-2014-10028

2015-01-1311:59:35

CWE-79

mitre

web.nvd.nist.gov

cve-2014-10028

cross-site scripting

xss

d-link

dap-1360

router

firmware

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

60.9%

JSON

Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router with firmware 2.5.4 and later allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi when res_config_id is set to 41.

Affected configurations

Nvd

Node

dlinkdap-1360_firmwareRange≤2.5.4

AND

dlinkdap-1360

VendorProductVersionCPE
dlinkdap-1360_firmware*cpe:2.3:o:dlink:dap-1360_firmware:*:*:*:*:*:*:*:*
dlinkdap-1360*cpe:2.3:h:dlink:dap-1360:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	dap-1360_firmware	*	cpe:2.3:o:dlink:dap-1360_firmware::::::::
dlink	dap-1360	*	cpe:2.3:h:dlink:dap-1360::::::::

References

seclists.org/fulldisclosure/2014/Nov/100

websecurity.com.ua/7215/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

60.9%

JSON

Related for CVE-2014-10028