ID

VAR-201405-0528


CVE

CVE-2014-3761


TITLE

D-Link DAP 1150 Firmware cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002532

DESCRIPTION

Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the res_buf parameter to index.cgi in the Control/URL-filter section. The D-Link DAP-1150 is an 802.11g standard wireless network router. It fails to correctly handle the 'Name', 'IP Addresses Source', 'Destination', 'Ports Source' and 'Destination' fields in the 'res_buf' parameter of the add function, allowing an attacker to exploit the vulnerability with malicious URIs that users are enticed to parse, in order to obtain sensitive information or hijack user sessions. D-Link DAP-1150 is prone to a cross-site scripting vulnerability and multiple cross-site request-forgery vulnerabilities. An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible. D-Link DAP-1150 firmware version 1.2.94 is vulnerable; other versions may also be affected. The vulnerability is caused by the index.cgi script under Control/URL-filter not adequately filtering the 'res_buf' parameter.

Trust: 3.06

sources: NVD: CVE-2014-3761 // JVNDB: JVNDB-2014-002532 // CNVD: CNVD-2014-03211 // CNVD: CNVD-2014-02433 // BID: 67549 // VULHUB: VHN-71701

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2014-03211 // CNVD: CNVD-2014-02433

AFFECTED PRODUCTS

vendor: d link, model: dap-1150, scope: eq, version: 1.2.94

Trust: 1.7

vendor: d link, model: dap-1150, scope: -, version: -

Trust: 1.4

vendor: dlink, model: dap 1150, scope: eq, version: 1.2.94

Trust: 1.0

vendor: dlink, model: dap 1150, scope: eq, version: -

Trust: 1.0

vendor: d link, model: dap 1150, scope: eq, version: 1.2.94

Trust: 0.6

sources: CNVD: CNVD-2014-03211 // CNVD: CNVD-2014-02433 // BID: 67549 // JVNDB: JVNDB-2014-002532 // CNNVD: CNNVD-201405-299 // NVD: CVE-2014-3761

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3761
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3761
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-03211
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2014-02433
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201405-299
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71701
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3761
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-03211
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2014-02433
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71701
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-03211 // CNVD: CNVD-2014-02433 // VULHUB: VHN-71701 // JVNDB: JVNDB-2014-002532 // CNNVD: CNNVD-201405-299 // NVD: CVE-2014-3761

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-71701 // JVNDB: JVNDB-2014-002532 // NVD: CVE-2014-3761

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-299

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201405-299

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002532

PATCH

title: D-Link DAP-1150, url: https://dlink-jp.com/wp-content/uploads/files/DAP-1150_MAN_R01_A1G_v1.00b17.pdf

Trust: 0.8

title: Top Page, url: http://www.dlink-jp.com/

Trust: 0.8

sources: JVNDB: JVNDB-2014-002532

EXTERNAL IDS

db: NVD, id: CVE-2014-3761

Trust: 3.4

db: OSVDB, id: 105756

Trust: 1.2

db: BID, id: 67549

Trust: 0.9

db: JVNDB, id: JVNDB-2014-002532

Trust: 0.8

db: CNNVD, id: CNNVD-201405-299

Trust: 0.7

db: CNVD, id: CNVD-2014-03211

Trust: 0.6

db: CNVD, id: CNVD-2014-02433

Trust: 0.6

db: VULHUB, id: VHN-71701

Trust: 0.1

sources: CNVD: CNVD-2014-03211 // CNVD: CNVD-2014-02433 // VULHUB: VHN-71701 // BID: 67549 // JVNDB: JVNDB-2014-002532 // CNNVD: CNNVD-201405-299 // NVD: CVE-2014-3761

REFERENCES

url:http://seclists.org/fulldisclosure/2014/apr/246

Trust: 3.1

url:http://websecurity.com.ua/7112

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3761

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3761

Trust: 0.8

url:http://osvdb.com/show/osvdb/105756

Trust: 0.6

url:http://seclists.org/fulldisclosure/2014/apr/184

Trust: 0.6

url:http://seclists.org/fulldisclosure/2014/apr/194

Trust: 0.6

url:http://www.osvdb.com/show/osvdb/105756

Trust: 0.6

url:http://www.dlink.com/

Trust: 0.3

sources: CNVD: CNVD-2014-03211 // CNVD: CNVD-2014-02433 // VULHUB: VHN-71701 // BID: 67549 // JVNDB: JVNDB-2014-002532 // CNNVD: CNNVD-201405-299 // NVD: CVE-2014-3761

CREDITS

MustLive

Trust: 0.3

sources: BID: 67549

SOURCES

db: CNVD, id: CNVD-2014-03211
db: CNVD, id: CNVD-2014-02433
db: VULHUB, id: VHN-71701
db: BID, id: 67549
db: JVNDB, id: JVNDB-2014-002532
db: CNNVD, id: CNNVD-201405-299
db: NVD, id: CVE-2014-3761

LAST UPDATE DATE

2025-04-13T23:23:54.190000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-03211, date: 2014-05-23T00:00:00
db: CNVD, id: CNVD-2014-02433, date: 2014-04-18T00:00:00
db: VULHUB, id: VHN-71701, date: 2014-05-16T00:00:00
db: BID, id: 67549, date: 2014-04-16T00:00:00
db: JVNDB, id: JVNDB-2014-002532, date: 2014-05-19T00:00:00
db: CNNVD, id: CNNVD-201405-299, date: 2023-04-27T00:00:00
db: NVD, id: CVE-2014-3761, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-03211, date: 2014-05-23T00:00:00
db: CNVD, id: CNVD-2014-02433, date: 2014-04-17T00:00:00
db: VULHUB, id: VHN-71701, date: 2014-05-16T00:00:00
db: BID, id: 67549, date: 2014-04-16T00:00:00
db: JVNDB, id: JVNDB-2014-002532, date: 2014-05-19T00:00:00
db: CNNVD, id: CNNVD-201405-299, date: 2014-05-19T00:00:00
db: NVD, id: CVE-2014-3761, date: 2014-05-16T14:55:06.157