Moderate

CVE-2014-10026 - Information Leak / Disclosure vulnerability in D-Link DAP-1360 Firmware 2.5.4

Publication: 2015-01-13

Summary

index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin.

Classification

CWE-200: Information Leak / Disclosure

Risk level (CVSS 5)

Moderate

5.0

Access Vector

Network
Adjacent Network
Local

Access Complexity

Low
Medium
High

Authentication

None
Single
Multiple

Confident. Impact

Complete
Partial
None

Integrity Impact

Complete
Partial
None

Affected Products

D-link DAP-1360 Firmware 2.5.4

References

http://seclists.org/fulldisclosure/2014/Nov/19
http://websecurity.com.ua/7179/