The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dir 615
HWDlinkwszystkie wersjeDlink Dir 615 Firmware
OSDlink20.06Dlink Dir 615 J1
HWDlinkwszystkie wersjeDlink Dir 615 J1 Firmware
OSDlink20.06Dlink Dir 615jx10
HWDlinkwszystkie wersjeDlink Dir 615jx10 Firmware
OSDlink20.06Dlink Dir 615 T1
HWDlinkwszystkie wersjeDlink Dir 615 T1 Firmware
OSDlink20.06
Powiązane podatności
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1...
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInt...
D-Link DIR-series — nieuwierzytelniony command injection w service.cgi (root RCE)
A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request all...
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/i...