CVE-2014-10027 - Cross-Site Request Forgery (CSRF) vulnerability in D-Link DAP-1360 Firmware 2.5.4
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi.
Classification
CWE-352 - Cross-Site Request Forgery (CSRF)Risk level (CVSS 6.8)
Medium
6.8
Access Vector
- Network
- Adjacent Network
- Local
Access Complexity
- Low
- Medium
- High
Authentication
- None
- Single
- Multiple
Confident. Impact
- Complete
- Partial
- None
Integrity Impact
- Complete
- Partial
- None
Affected Products
External references
Related CVE
| Date | CVE | Title | CVSS |
|---|---|---|---|
| 2015-01-13 | CVE-2014-10028 | Cross-Site Scripting (XSS) vulnerability in D-Link DAP-1360 Firmware 2.5.4 | 4.3 |
| 2015-01-13 | CVE-2014-10026 | Information Leak / Disclosure vulnerability in D-Link DAP-1360 Firmware 2.5.4 | 5.0 |
| 2015-01-13 | CVE-2014-10025 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link DAP-1360 Firmware 2.5.4 | 6.8 |