Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dir-615 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-15839
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.
Dlink Dir-615 Firmware -
1 EDB exploit
6.1
CVSSv3
CVE-2018-15875
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows malicious users to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
Dlink Dir-615 Firmware 20.07
1 Github repository
6.1
CVSSv3
CVE-2018-15874
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an malicious user to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
Dlink Dir-615 Firmware 20.07
1 Github repository
7.2
CVSSv3
CVE-2018-10431
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen.
D-link Dir-615 Firmware 2.5.17
4.8
CVSSv3
CVE-2018-10110
D-Link DIR-615 T1 devices allow XSS via the Add User feature.
D-link Dir-615 T1 Firmware 20.07
1 EDB exploit
9.8
CVSSv3
CVE-2017-11436
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote malicious users to obtain access via a TELNET connection.
Dlink Dir-615
9.8
CVSSv3
CVE-2017-7405
On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being pr...
Dlink Dir-615
8.8
CVSSv3
CVE-2017-7404
On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host ...
Dlink Dir-615
9.8
CVSSv3
CVE-2017-7406
The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of ...
Dlink Dir-615
9.8
CVSSv3
CVE-2017-9542
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an malicious user to take control of the affected device.
D-link Dir-615 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »