Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi.
Medium
Date | CVE | Title | CVSS |
---|---|---|---|
2015-01-13 | CVE-2014-10028 | Cross-Site Scripting (XSS) vulnerability in D-Link DAP-1360 Firmware 2.5.4 | 4.3 |
2015-01-13 | CVE-2014-10026 | Information Leak / Disclosure vulnerability in D-Link DAP-1360 Firmware 2.5.4 | 5.0 |
2015-01-13 | CVE-2014-10025 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link DAP-1360 Firmware 2.5.4 | 6.8 |