D-Link DAP-1150 Cross Site Request Forgery Vulnerability

Bugtraq ID:	51985
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 13 2012 12:00AM
Updated:	Mar 11 2013 07:24AM
Credit:	MustLive
Vulnerable:	D-Link DAP-1150 1.2.94
Not Vulnerable:

D-Link DAP-1150 Cross Site Request Forgery Vulnerability

D-Link DAP-1150 is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible.

D-Link DAP-1150 firmware version 1.2.94 is vulnerable; other versions may also be affected.

D-Link DAP-1150 Cross Site Request Forgery Vulnerability

To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI or visit a malicious website.

The following exploit is available:

• /data/vulnerabilities/exploits/51985.html.txt

D-Link DAP-1150 Cross Site Request Forgery Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

D-Link DAP-1150 Cross Site Request Forgery Vulnerability

References:

• AoF and CSRF vulnerability in D-Link DAP 1150 (MustLive)
  
• D-Link Homepage (D-Link)
  
• Multiple CSRF, DoS and XSS vulnerabilities in D-Link DAP 1150 (MustLive)