SSL Vulnerability in D-Link DIR-615 Router
CVE-2017-7406

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-615
Vendor: CVE Published:; 7 July 2017

Summary

The D-Link DIR-615 router prior to version 20.12PTb04 lacks SSL encryption on authenticated pages, exposing sensitive user data to interception. Attackers can exploit this vulnerability to monitor unsecured network traffic and capture user credentials, jeopardizing the security of affected networks. Without the ability to create custom SSL certificates, users are further limited in securing their devices, making this an area of concern for network security.

References

ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DI...

x_refsource_MISC

https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 7, 2017
Vulnerability Reserved
Apr 3, 2017