Cross-Site Request Forgery Vulnerability in D-Link DIR-615 Wireless Router
CVE-2017-7398

8.8HIGH

Key Information:

Vendor: D-link
Status: Dir-615 Firmware
Vendor: CVE Published:; 4 April 2017

Summary

The D-Link DIR-615 wireless router is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to execute unauthorized actions on behalf of authenticated users. For instance, an attacker could manipulate critical settings such as changing the router's security settings from WPA2 to none, altering the hidden SSID, or modifying the SSID name and the security option password. This vulnerability poses a significant risk, enabling attackers to compromise the router's security configurations easily.

References

https://www.exploit-db.com/exploits/41821/

exploitx_refsource_EXPLOIT-DB

http://seclists.org/fulldisclosure/2017/Apr/4

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 4, 2017
Vulnerability Reserved
Apr 1, 2017