ID

VAR-201501-0589


CVE

CVE-2014-10025


TITLE

D-Link DAP-1360 Cross-site request forgery vulnerability in router firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-007632

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that change the (1) Enable Wireless, (2) MBSSID, (3) BSSID, (4) Hide Access Point, (5) SSID, (6) Country, (7) Channel, (8) Wireless mode, or (9) Max Associated Clients setting via a crafted request to index.cgi. The D-Link DAP-1360 is a wireless access point (AP) product from D-Link. A cross-site request forgery vulnerability exists in D-Link DAP-1360 routers with firmware version 2.5.4 and earlier.

Trust: 1.71

sources: NVD: CVE-2014-10025 // JVNDB: JVNDB-2014-007632 // VULHUB: VHN-68563

AFFECTED PRODUCTS

vendor: dlink, model: dap-1360, scope: lte, version: 2.5.4

Trust: 1.0

vendor: d link, model: dap-1360, scope: -, version: -

Trust: 0.8

vendor: d link, model: dap-1360, scope: lte, version: 2.5.4

Trust: 0.8

vendor: d link, model: dap-1360, scope: eq, version: 2.5.4

Trust: 0.6

sources: JVNDB: JVNDB-2014-007632 // CNNVD: CNNVD-201501-278 // NVD: CVE-2014-10025

CVSS

SEVERITY

nvd@nist.gov: CVE-2014-10025
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-10025
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201501-278
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68563
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2014-10025
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68563
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68563 // JVNDB: JVNDB-2014-007632 // CNNVD: CNNVD-201501-278 // NVD: CVE-2014-10025

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-68563 // JVNDB: JVNDB-2014-007632 // NVD: CVE-2014-10025

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-278

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201501-278

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007632

PATCH

title: Wireless N Range Extender: DAP-1360
url: http://us.dlink.com/products/access-points-range-extenders-and-bridges/wireless-n-range-extender/

Trust: 0.8

title: D-Link DAP-1360 Repair measures for router cross-site request forgery vulnerability
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=234988

Trust: 0.6

sources: JVNDB: JVNDB-2014-007632 // CNNVD: CNNVD-201501-278

EXTERNAL IDS

db: NVD, id: CVE-2014-10025

Trust: 2.5

db: JVNDB, id: JVNDB-2014-007632

Trust: 0.8

db: CNNVD, id: CNNVD-201501-278

Trust: 0.7

db: VULHUB, id: VHN-68563

Trust: 0.1

sources: VULHUB: VHN-68563 // JVNDB: JVNDB-2014-007632 // CNNVD: CNNVD-201501-278 // NVD: CVE-2014-10025

REFERENCES

url:http://seclists.org/fulldisclosure/2014/nov/19

Trust: 2.5

url:http://websecurity.com.ua/7179/

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-10025

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-10025

Trust: 0.8

sources: VULHUB: VHN-68563 // JVNDB: JVNDB-2014-007632 // CNNVD: CNNVD-201501-278 // NVD: CVE-2014-10025

SOURCES

db: VULHUB, id: VHN-68563
db: JVNDB, id: JVNDB-2014-007632
db: CNNVD, id: CNNVD-201501-278
db: NVD, id: CVE-2014-10025

LAST UPDATE DATE

2024-11-23T22:31:11.065000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-68563, date: 2015-01-14T00:00:00
db: JVNDB, id: JVNDB-2014-007632, date: 2015-01-16T00:00:00
db: CNNVD, id: CNNVD-201501-278, date: 2023-04-27T00:00:00
db: NVD, id: CVE-2014-10025, date: 2024-11-21T02:03:21.213

SOURCES RELEASE DATE

db: VULHUB, id: VHN-68563, date: 2015-01-13T00:00:00
db: JVNDB, id: JVNDB-2014-007632, date: 2015-01-16T00:00:00
db: CNNVD, id: CNNVD-201501-278, date: 2015-01-15T00:00:00
db: NVD, id: CVE-2014-10025, date: 2015-01-13T11:59:32.350