Moderate

CVE-2014-10027 - Cross-Site Request Forgery (CSRF) vulnerability in D-Link DAP-1360 Firmware 2.5.4

Publication: 2015-01-13

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi.

Classification

CWE-352: Cross-Site Request Forgery (CSRF)

Risk level (CVSS 6.8)

Moderate

6.8

Access Vector

Network
Adjacent Network
Local

Access Complexity

Low
Medium
High

Authentication

None
Single
Multiple

Confident. Impact

Complete
Partial
None

Integrity Impact

Complete
Partial
None

Affected Products

D-link DAP-1360 Firmware 2.5.4

References

http://seclists.org/fulldisclosure/2014/Nov/100
http://websecurity.com.ua/7215/