Remote Administration Bypass in D-Link DIR-815 Devices
CVE-2015-0150

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-815 Firmware
Vendor: CVE Published:; 12 April 2018

What is CVE-2015-0150?

The D-Link DIR-815 devices, when running firmware versions prior to 2.07.B01, are susceptible to a vulnerability that enables remote attackers to circumvent designated access restrictions. This flaw occurs through unspecified vectors, potentially allowing unauthorized individuals to gain administrative control over the device. Users of affected devices are strongly advised to upgrade to the latest firmware to mitigate this security risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/110583

vdb-entryx_refsource_XF

ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DI...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2018
Vulnerability Reserved
Nov 18, 2014