RSS   Podatności dla 'Dir-615'   RSS

2017-07-19
 
CVE-2017-11436

 

 
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.

 
2017-07-07
 
CVE-2017-7406

CWE-311
 

 
The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic.

 
 
CVE-2017-7405

 

 
On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials.

 
 
CVE-2017-7404

 

 
On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim's Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware.

 
2010-04-27
 
CVE-2009-4821

CWE-287
 

 
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors.

 

 >>> Vendor: Dlink 94 Produkty
Dwl-2100ap
Mpeg4 viewer activex control
Dir-615
Dcs-2121 firmware
Dcs-2121
Des-3800 firmware
Dwl-2100ap firmware
Dwl-3200ap firmware
Des-3800
Dwl-3200ap
Dir-685
Dsl-2640b
Dsl-2640b firmware
Dcs-2000
Dcs-5300
Dcs-900
Des-3810
Des-3810 firmware
Dsl-2740b
Dsl-2740b firmware
Dir865l
Dir865l firmware
Dsl-2760u
Des-3810-28
Des-3810-28 firmware
Dir-601 firmware
Dir-655 firmware
Dcs-931l firmware
Dcs-932l firmware
Dir-605l firmware
Dir-816l firmware
Dir-822 firmware
Dir-818l(w) firmware
Dir-823 firmware
Dir-868l firmware
Dir-880l firmware
Dir-885l firmware
Dir-890l firmware
Dir-895l firmware
Dwr-932b firmware
Websmart dgs-1510 series firmware
Dsl-2730u firmware
Di-524 firmware
Dir-600m firmware
Dir-615 firmware
Dwr-116 firmware
Dcs-5009l firmware
Dcs-5025l firmware
Dcs-933l firmware
Dcs-930l firmware
Dcs-934l firmware
Dcs-5030l firmware
Dcs-5010l firmware
Dcs-5020l firmware
Dir-850l firmware
Dwr-933 firmware
Dir-860l firmware
Dsl-3782 firmware
Dir-620 firmware
Dir-846 firmware
Eyeon baby monitor firmware
Dir-823g firmware
Dcm-604 firmware
Dcm-704 firmware
Dir-818lw firmware
Dir-140l firmware
Dir-640l firmware
Dwr-512 firmware
Dwr-921 firmware
Dsl-2770l firmware
Dwr-555 firmware
Dir-822-us firmware
Dva-5592 firmware
Dir-878 firmware
Central wifimanager
Dir-816 firmware
Dir-817lw firmware
Dir-300 firmware
Dir-865 firmware
Dcs-1130 firmware
Dcs-1100 firmware
Dsl-2750u firmware
6600-ap firmware
Dwl-3600ap firmware
Dwl-8610ap firmware
Dir-806 firmware
Dns-320 firmware
Dhp-1565 firmware
Dir-652 firmware
Dir-866l firmware
Dir-816 a1 firmware
Dap-1320 a2 firmware
Dir-850l a firmware
Dir-859 a3 firmware


Copyright 2024, cxsecurity.com

 

Back to Top