CRITICAL🇬🇧 English

CVE-2021-42627

CVSS 9.8v3.1pub. 2022-08-23upd. 2026-07-05

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dir 615

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 615 Firmware

    OS
    Dlink
    20.06
  • Dlink Dir 615 J1

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 615 J1 Firmware

    OS
    Dlink
    20.06
  • Dlink Dir 615jx10

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 615jx10 Firmware

    OS
    Dlink
    20.06
  • Dlink Dir 615 T1

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 615 T1 Firmware

    OS
    Dlink
    20.06
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-16920CRITICAL9.8⚠ KEVten sam produkt

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1...

CVE-2014-8361CRITICAL9.8⚠ KEVten sam produkt

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInt...

CVE-2018-25115CRITICAL10.0PL ✓ten sam produkt

D-Link DIR-series — nieuwierzytelniony command injection w service.cgi (root RCE)

CVE-2021-37388CRITICAL9.8ten sam produkt

A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request all...

CVE-2019-18852CRITICAL9.8ten sam produkt

Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/i...