Cross-Site Request Forgery Vulnerability in D-Link DIR-815 Devices
CVE-2015-0151

8.8HIGH

Key Information:

Vendor: D-Link
Status: Dir-815 Firmware
Vendor: CVE Published:; 12 April 2018

What is CVE-2015-0151?

A cross-site request forgery (CSRF) vulnerability exists in D-Link DIR-815 devices running firmware versions prior to 2.07.B01. This security flaw allows remote attackers to manipulate the authentication of users, enabling them to perform unauthorized actions, such as injecting malicious scripts. Attackers can exploit this vulnerability to gain control over user sessions, posing a significant risk to network security and user data integrity. Users are advised to update their firmware to the latest version to mitigate this security threat.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/110584

vdb-entryx_refsource_XF

ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DI...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2018
Vulnerability Reserved
Nov 18, 2014