Lucene search

[email protected]CVE-2009-4821

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-4821

2022-10-0316:24:03

CWE-287

[email protected]

web.nvd.nist.gov

d-link

dir-615

firmware

vulnerability

remote attack

admin password

wi-fi security

dns settings

cve-2009-4821

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.5%

JSON

The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors.

Affected configurations

NVD

Node

dlinkdir-615Match3.10na

CPENameOperatorVersion
dlink:dir-615dlink dir-615eq3.10na

CPE	Name	Operator	Version
dlink:dir-615	dlink dir-615	eq	3.10na

References

secunia.com/advisories/37777

www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/

www.securityfocus.com/bid/37415

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.5%

JSON

Related for CVE-2009-4821

nvd1 prion1 cvelist1