index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows remote attackers to bypass authentication and obtain sensitive information by setting the client_login cookie to admin.
Medium
Date | CVE | Title | CVSS |
---|---|---|---|
2015-01-13 | CVE-2014-10028 | Cross-Site Scripting (XSS) vulnerability in D-Link DAP-1360 Firmware 2.5.4 | 4.3 |
2015-01-13 | CVE-2014-10027 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link DAP-1360 Firmware 2.5.4 | 6.8 |
2015-01-13 | CVE-2014-10025 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link DAP-1360 Firmware 2.5.4 | 6.8 |