Dlink >> Dir-615 Security Vulnerabilities
A buffer overflow exists in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in a ping_response.cgi POST request allows an attacker to crash the web server and possibly gain remote code execution.
CVSS Score: 9.8 | EPSS Score: 0.034 | Published: 2021-08-06
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.
CVSS Score: 8.8 | EPSS Score: 0.162 | Published: 2020-04-21
On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
CVSS Score: 4.8 | EPSS Score: 0.07 | Published: 2019-12-18
An issue was discovered on D-Link DIR-615 devices with firmware versions 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.
CVSS Score: 8.2 | EPSS Score: 0.005 | Published: 2019-10-09
CVE-2019-16920
Known exploited
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends arbitrary input to a "PingTest" device common gateway interface, which could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
CVSS Score: 9.8 | EPSS Score: 0.944 | Published: 2019-09-27
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.
CVSS Score: 9.8 | EPSS Score: 0.688 | Published: 2018-08-28
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-08-25
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-08-25
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen.
CVSS Score: 7.2 | EPSS Score: 0.024 | Published: 2018-04-26
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.
CVSS Score: 9.8 | EPSS Score: 0.011 | Published: 2017-07-19


Shodan ® - All rights reserved