5 matches found
CVE-2017-7405
CVE-2017-7405 affects D-Link DIR-615 before firmware v20.12PTb04. After authentication, an attacker can hijack an admin session by spoofing the user’s IP address; IP sniffing can reveal victim and router IPs, and if web access is used behind NAT/Proxy, the attacker can take over the session witho...
CVE-2017-7406
The CVE-2017-7406 issue affects the D-Link DIR-615 prior to firmware v20.12PTb04, where authenticated pages do not use SSL and users cannot generate their own SSL certificates. This enables credential theft through network traffic sniffing. Remediation is to upgrade to firmware v20.12PTb04 or lat...
CVE-2017-11436
CVE-2017-11436 affects the D-Link DIR-615 router (pre-20.12PTb04) with a second admin account containing a 0x1 BACKDOOR value, which could allow remote attackers to gain administrator access via TELNET. The vulnerability is documented across multiple sources (NVD/CNVD) with impact described as re...
CVE-2017-7404
The CVE references a CSRF vulnerability in the Web Interface of the D-Link DIR-615 (pre‑v20.12PTb04). Attackers can lure a logged‑in user to a malicious page which sends a POST to Form2File.htm, uploading firmware without credentials and potentially rebooting/crashing the device (DoS) or enabling...
CVE-2009-4821
CVE-2009-4821 affects the D-Link DIR-615 router (firmware 3.10NA). The vulnerability is that apply.cgi does not require administrative authentication, allowing remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the Wi‑Fi security requirement via unspec...