Lucene search
+L
DlinkDir-615 Firmware

19 matches found

CVE
CVE
added 2019/09/27 11:34 a.m.1109 views

CVE-2019-16920

CVE-2019-16920 is an unauthenticated remote code execution flaw in D-Link consumer routers (DIR-655C, DIR-866L, DIR-652, DHP-1565, DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, DIR-825, and others) triggered by arbitrary input to the PingTest CGI, allowing command injection and full system comp...

10CVSS9.8AI score0.99996EPSS
In wild
CVE
CVE
added 2015/05/01 12:0 a.m.701 views

CVE-2014-8361

CVE-2014-8361 affects Realtek SDK’s miniigd UPnP SOAP service. The root cause is improper input validation in the NewInternalClient handling, enabling a remote attacker to execute arbitrary code. The description notes exploitation in the wild through 2023. Related sources indicate this vulnerabil...

10CVSS8.1AI score0.99975EPSS
In wildWeb
CVE
CVE
added 2024/01/19 3:31 p.m.149 views

CVE-2024-0717

Affects a wide range of D-Link devices (e.g., DAP-1360, DIR-300, DIR-615, DIR-620, DVG-series, Good Line Router v2, and others) with the vulnerability residing in the HTTP GET Request Handler for /devinfo. The underlying issue is improper handling of the area parameter, where input such as notice...

5.3CVSS5.3AI score0.18195EPSS
CVE
CVE
added 2020/04/21 6:57 p.m.89 views

CVE-2019-17525

CVE-2019-17525 concerns the login page of the D-Link DIR-615 T1 with firmware 20.10, where an issue allows remote attackers to bypass CAPTCHA protection and perform brute-force login attempts. The connected sources confirm a CAPTCHA bypass vulnerability on DIR-615 T1 20.10, enabling credential br...

8.8CVSS8.7AI score0.0584EPSS
CVE
CVE
added 2022/08/23 11:51 a.m.89 views

CVE-2021-42627

D-Link DIR-615 devices running firmware 20.06 are affected by CVE-2021-42627. The WAN configuration page wan.htm can be accessed without authentication, enabling disclosure of WAN settings and potential modification of page data. The Nuclei template confirms unauthorized access and describes impa...

9.8CVSS9.3AI score0.6307EPSS
CVE
CVE
added 2019/12/18 12:19 p.m.81 views

CVE-2019-19742

CVE-2019-19742 affects D-Link DIR-615 routers, where the User Account Configuration page is vulnerable to blind XSS via the name field. Connected sources substantiate a lack of proper input validation on the web UI leading to client-side script execution; exploitation steps reported include inser...

4.8CVSS4.8AI score0.19834EPSS
Web
CVE
CVE
added 2021/08/06 11:22 a.m.77 views

CVE-2021-37388

CVE-2021-37388 affects the D-Link DIR-615 C2 router (firmware 3.03WW). A buffer overflow in the ping_ipaddr parameter of the ping_response.cgi POST request allows an attacker to crash the webserver and may enable remote code execution. The connected documents confirm the component and root cause ...

9.8CVSS10AI score0.0374EPSS
CVE
CVE
added 2018/08/28 5:0 p.m.74 views

CVE-2018-15839

D-Link DIR-615 is affected by CVE-2018-15839: a buffer overflow can be triggered by a long Authorization HTTP header (or session cookie) in the device, enabling a denial of service effect that logs the router out and disrupts network connectivity. Exploit demonstrations describe injecting a long ...

9.8CVSS9.7AI score0.45347EPSS
CVE
CVE
added 2021/09/24 8:2 p.m.58 views

CVE-2021-40654

The CVE-2021-40654 entry concerns D-Link DIR-615 B2 (firmware 2.01mt). A vulnerability allows information disclosure: an attacker can forge a POST request to /getcfg.php to obtain a user name and password. The issue is documented across multiple sources (NVD, CNVD/CNNVD) with the same flaw; no ex...

6.5CVSS6.2AI score0.018EPSS
CVE
CVE
added 2019/10/09 11:55 a.m.57 views

CVE-2019-17353

CVE-2019-17353 affects D-Link DIR-615 devices with firmware version 20.05 and 20.07. The issue: the WAN management page (wan.htm) is accessible directly without authentication, leading to potential disclosure of WAN information and the ability for an attacker to modify data fields on that page. T...

8.2CVSS7.9AI score0.02958EPSS
CVE
CVE
added 2018/08/25 7:0 p.m.51 views

CVE-2018-15874

The connected CNVD entry describes a Cross-Site Scripting (XSS) vulnerability in D-Link DIR-615 routers using version 20.07, exploitable by injecting JavaScript into the Status → Active Client Table via the hostname field in DHCP requests. Affected component: the DHCP hostname handling on DIR-615...

6.1CVSS6AI score0.01176EPSS
CVE
CVE
added 2018/08/25 7:0 p.m.50 views

CVE-2018-15875

The CVE concerns D-Link DIR-615 routers (version 20.07) with an XSS in the UPnP AddPortMapping SOAP request. The root cause is that the description field can be manipulated to inject JavaScript into the router’s admin UPnP page (Advanced→UPnP). Connected sources (CNVD-2018-16522, NVD entry) confi...

6.1CVSS6AI score0.01176EPSS
CVE
CVE
added 2025/08/27 9:24 p.m.47 views

CVE-2018-25115

Multiple D-Link DIR-series routers (DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, DIR-815) are affected by a remote code execution vulnerability in the /service.cgi endpoint. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system...

10CVSS7.2AI score0.08674EPSS
CVE
CVE
added 2026/01/26 11:32 p.m.35 views

CVE-2026-1448

The CVE-2026-1448 entry concerns D-Link DIR-615 Web Management Interface up to version 4.10. The vulnerability lies in the /wiz_policy_3_machine.php file where manipulating the ipaddr argument enables operating system command injection. This allows remote initiation of an exploit, and multiple so...

8.6CVSS5.6AI score0.05258EPSS
CVE
CVE
added 2026/01/28 2:32 a.m.35 views

CVE-2026-1506

The CVE-2026-1506 entry affects D-Link DIR-615, specifically the MAC Filter Configuration component’s file /adv_mac_filter.php. The vulnerability is an OS command injection triggered by manipulating the mac argument, enabling remote execution. The issue is documented across multiple sources (NVD,...

8.6CVSS5.6AI score0.05071EPSS
CVE
CVE
added 2025/08/01 8:39 p.m.28 views

CVE-2013-10050

CVE-2013-10050 affects D-Link DIR-300 (rev A, v1.05) and DIR-615 (rev D, v4.13). An authenticated user can exploit the tools_vct.xgi CGI endpoint to inject commands via pingIp, leading to full device compromise (telnet daemon and root shell). The flaw is tied to firmware exposing tools_vct.xgi on...

8.8CVSS6.2AI score0.09637EPSS
Web
CVE
CVE
added 2026/01/28 1:32 a.m.27 views

CVE-2026-1505

CVE-2026-1505 affects D-Link DIR-615 v4.10 in the URL Filter component, due to improper processing of the file “/set_temp_nodes.php” that enables OS command injection. It can be triggered remotely and the exploit has been publicly released; affected devices are those no longer maintained. Multipl...

8.6CVSS5.6AI score0.04474EPSS
CVE
CVE
added 2026/02/08 12:2 p.m.26 views

CVE-2026-2151

The CVE-2026-2151 vulnerability affects D-Link DIR-615 (firmware 4.10) in the DMZ Host Feature, specifically the adv_firewall.php component. The root cause is manipulation of the dmz_ipaddr argument, enabling OS command injection. Impact is remote code execution with high risk to confidentiality,...

8.6CVSS6.8AI score0.04425EPSS
CVE
CVE
added 2026/02/08 12:32 p.m.23 views

CVE-2026-2152

Summary: CVE-2026-2152 affects D-Link DIR-615 v4.10 (Web Configuration Interface). The vulnerability is in adv_routing.php; manipulating dest_ip, submask, or gw leads to OS command injection. It is remotely exploitable and the exploit has been publicized. Affected products are no longer maintaine...

8.6CVSS6.8AI score0.04545EPSS
Web