CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 96.2%
D-Link DIR-615 devices with firmware 20.06 are susceptible to unauthorized access. An attacker can access the WAN configuration page wan.htm without authentication, which can lead to disclosure of WAN settings, data modification, and/or other unauthorized operations.
id: CVE-2021-42627

info:
  name: D-Link DIR-615 - Unauthorized Access
  author: For3stCo1d
  severity: critical
  description: |
    D-Link DIR-615 devices with firmware 20.06 are susceptible to unauthorized access. An attacker can access the WAN configuration page wan.htm without authentication, which can lead to disclosure of WAN settings, data modification, and/or other unauthorized operations.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to the router, potentially compromising the network and exposing sensitive information.
  remediation: |
    Apply the latest firmware update provided by D-Link to fix the vulnerability and ensure strong and unique passwords are set for router administration.
  reference:
    - https://github.com/sanjokkarki/D-Link-DIR-615/blob/main/CVE-2021-42627
    - https://www.dlink.com/en/security-bulletin/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-42627
    - http://d-link.com
    - http://dlink.com
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-42627
    epss-score: 0.23452
    epss-percentile: 0.96557
    cpe: cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: dlink
    product: dir-615
    shodan-query:
      - http.title:"Roteador Wireless"
      - cpe:"cpe:2.3:h:dlink:dir-615"
  tags: cve2021,cve,d-link,router,unauth,dir-615,roteador,dlink

http:
  - method: GET
    path:
      - "{{BaseURL}}/wan.htm"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "src='menu.js?v=\"+Math.random()+\"'></scr\"+\"ipt>\");"
          - "var ipv6conntype"
        condition: and

      - type: word
        part: header
        words:
          - Virtual Web

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100e4d5487a082723df11144a8b0f2e88629a00dd2c7610b5a4ed7d8a93f701ed4902201134b8a066e2c335b4cb6f555ae9289fbd92320176a053562678150f2dd43eb7:922c64590222798bb761d5b6d8e72950