ID
VAR-E-201404-0260
CVE
| cve_id: | CVE-2014-3760 | Trust: 0.3 |
| cve_id: | CVE-2014-3761 | Trust: 0.3 |
TITLE
D-Link DAP-1150 Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
Trust: 0.3
DESCRIPTION
D-Link DAP-1150 is prone to a cross-site scripting vulnerability and multiple cross-site request-forgery vulnerabilities.
An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.
D-Link DAP-1150 firmware version 1.2.94 is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | d link | model: | dap-1150 | scope: | eq | version: | 1.2.94 | Trust: 0.3 |
EXPLOIT
To exploit these issues an attacker must entice an unsuspecting victim into following a malicious URI or visiting a malicious website.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
MustLive
Trust: 0.3
EXTERNAL IDS
| db: | NVD | id: | CVE-2014-3760 | Trust: 0.3 |
| db: | NVD | id: | CVE-2014-3761 | Trust: 0.3 |
| db: | BID | id: | 67549 | Trust: 0.3 |
REFERENCES
| url: | http://www.dlink.com/ | Trust: 0.3 |
| url: | http://websecurity.com.ua/7112 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 67549 |
LAST UPDATE DATE
2022-07-27T09:15:36.445000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 67549 | date: | 2014-04-16T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 67549 | date: | 2014-04-16T00:00:00 |