CVE-2014-3760 in DAP-1150info

Summary

multiple cross-site request forgery (csrf) vulnerabilities in d-link dap 1150 with firmware 1.2.94 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) disable the dmz in the firewall/dmz section via a request to index.cgi or (3) add (4) modify or (5) delete url-filter settings in the control/url-filter section via a request to index.cgi as demonstrated by adding a rule that blocks access to google.com.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

05/16/2014

Disclosure

05/16/2014

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
13606D-Link DAP-1150 index.cgi cross-site request forgery352Proof-of-ConceptUnavailableCVE-2014-3760

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!