Back to search
CVE-2014-3760
Published: May 16, 2014
Modified: Sep 16, 2024
PUBLISHED
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable the DMZ in the Firewall/DMZ section via a request to index.cgi or (3) add, (4) modify, or (5) delete URL-filter settings in the Control/URL-filter section via a request to index.cgi, as demonstrated by adding a rule that blocks access to google.com.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20140418 CSRF, AoF and XSS vulnerabilities in D-Link DAP 1150
mailing-list
x_refsource_FULLDISC
http://websecurity.com.ua/7112
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now