Cross-Site Request Forgery in D-Link DAP-1360 Affects Wireless Settings
CVE-2014-10025

Currently unrated

Key Information:

Vendor: D-Link
Status: Dap-1360 Firmware
Vendor: CVE Published:; 13 January 2015

Summary

The D-Link DAP-1360 is susceptible to multiple Cross-Site Request Forgery (CSRF) vulnerabilities that could enable remote attackers to manipulate essential wireless settings. These vulnerabilities allow unauthorized changes to configurations such as Wireless Enable/Disable, SSID modification, BSSID changes, and adjustments to the wireless channel and mode. Attackers could exploit this flaw by sending crafted requests to the device’s index.cgi, potentially leading to unauthorized access to the network and compromised security settings.

References

http://seclists.org/fulldisclosure/2014/Nov/19

mailing-listx_refsource_FULLDISC

http://websecurity.com.ua/7179/

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 13, 2015