CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-7404

On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim's Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.8%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip
https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip
https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf

Products affected by CVE-2017-7404

Dlink » Dir-615 » Version: N/A

cpe:2.3:h:dlink:dir-615:-
Dlink » Dir-615 » Version: 20.12ptb01

cpe:2.3:o:dlink:dir-615:20.12ptb01

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-7404

Products

Pricing

Contact Us