Dir-615 Firmware Security Vulnerabilities and Issues — Dir-615 Firmware CVE List

Lucene search

DlinkDir-615 Firmware

12 matches found

CVE•added 2019/09/27 12:15 p.m.•1042 views

CVE-2019-16920

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers t...

10CVSS9.8AI score0.94343EPSS

CVE•added 2015/05/01 3:59 p.m.•604 views

CVE-2014-8361

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

10CVSS8.1AI score0.94027EPSS

CVE•added 2024/01/19 4:15 p.m.•120 views

CVE-2024-0717

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-...

5.3CVSS5.3AI score0.19519EPSS

CVE•added 2020/04/21 7:15 p.m.•72 views

CVE-2019-17525

The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.

8.8CVSS8.7AI score0.10456EPSS

CVE•added 2022/08/23 12:15 p.m.•67 views

CVE-2021-42627

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.

9.8CVSS9.3AI score0.73359EPSS

CVE•added 2019/12/18 1:15 p.m.•63 views

CVE-2019-19742

On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.

4.8CVSS4.8AI score0.04588EPSS

CVE•added 2018/08/28 5:29 p.m.•60 views

CVE-2018-15839

D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.

9.8CVSS9.7AI score0.51099EPSS

CVE•added 2021/08/06 12:15 p.m.•45 views

CVE-2021-37388

A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution.

9.8CVSS10AI score0.03432EPSS

CVE•added 2018/08/25 7:29 p.m.•36 views

CVE-2018-15874

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.

6.1CVSS6AI score0.00299EPSS

CVE•added 2019/10/09 12:15 p.m.•36 views

CVE-2019-17353

An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.

8.2CVSS7.9AI score0.00628EPSS

CVE•added 2021/09/24 9:15 p.m.•36 views

CVE-2021-40654

An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page

6.5CVSS6.2AI score0.00832EPSS

CVE•added 2018/08/25 7:29 p.m.•34 views

CVE-2018-15875

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.

6.1CVSS6AI score0.00299EPSS