CVE-2014-10026 - Information Leak / Disclosure vulnerability in D-Link DAP-1360 Firmware 2.5.4
Summary
index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin.
Classification
CWE-200 - Information Leak / DisclosureRisk level (CVSS 5.0)
Medium
5.0
Access Vector
- Network
- Adjacent Network
- Local
Access Complexity
- Low
- Medium
- High
Authentication
- None
- Single
- Multiple
Confident. Impact
- Complete
- Partial
- None
Integrity Impact
- Complete
- Partial
- None
Affected Products
External references
Related CVE
| Date | CVE | Title | CVSS |
|---|---|---|---|
| 2015-01-13 | CVE-2014-10028 | Cross-Site Scripting (XSS) vulnerability in D-Link DAP-1360 Firmware 2.5.4 | 4.3 |
| 2015-01-13 | CVE-2014-10027 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link DAP-1360 Firmware 2.5.4 | 6.8 |
| 2015-01-13 | CVE-2014-10025 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link DAP-1360 Firmware 2.5.4 | 6.8 |