Authentication Bypass in D-Link DIR-615 Wireless Router
CVE-2017-9542

9.8CRITICAL

Key Information:

Vendor
D-link
Status
Dir-615 Firmware
Vendor
CVE Published:
11 June 2017

Summary

The D-Link DIR-615 Wireless N 300 Router is subject to a vulnerability that permits authentication bypass through a manipulated POST request targeting its login.cgi interface. This vulnerability stems from the router's failure to properly validate the password entry, which potentially allows an attacker to gain unauthorized access and take control of the device. Users should ensure their devices are updated and configure them to mitigate potential risks associated with such vulnerabilities.

References

https://twitter.com/tiger_tigerboy/status/873458088321220609
x_refsource_MISC
https://www.facebook.com/tigerBOY777/videos/1368513696568...
x_refsource_MISC
http://www.securityfocus.com/bid/98992
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.