CVE-2014-10027

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.4%

top 36.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dap-1360 Firmware

Timeline

PublishedJan 13

Latest updateMay 17

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDdlink/dap-1360_firmware2.5.4

🔴Vulnerability Details

GHSA

GHSA-9x2g-v43f-pj3g: Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2↗2022-05-17

▶

CVEList

CVE-2014-10027: Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2↗2015-01-13

▶