Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-42627 | 2 D-link, Dlink | 8 Dir-615, Dir-615 Firmware, Dir-615 J1 and 5 more | 2022-08-24 | N/A | 9.8 CRITICAL |
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page. | |||||
CVE-2018-10431 | 1 D-link | 2 Dir-615, Dir-615 Firmware | 2019-10-02 | 6.5 MEDIUM | 7.2 HIGH |
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. | |||||
CVE-2017-7398 | 1 D-link | 2 Dir-615, Dir-615 Firmware | 2017-08-15 | 6.8 MEDIUM | 8.8 HIGH |
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password. | |||||
CVE-2017-9542 | 1 D-link | 2 Dir-615, Dir-615 Firmware | 2017-06-22 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. |