Dir-615 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (28 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2019-18852	1 Dlink	14 Dir-600 B1, Dir-600 B1 Firmware, Dir-615 J1 and 11 more	2024-11-21	9.8 Critical
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.
CVE-2019-17525	1 Dlink	2 Dir-615, Dir-615 Firmware	2024-11-21	8.8 High
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.
CVE-2019-17353	1 Dlink	2 Dir-615, Dir-615 Firmware	2024-11-21	8.2 High
An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.
CVE-2018-15875	1 Dlink	2 Dir-615, Dir-615 Firmware	2024-11-21	6.1 Medium
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
CVE-2018-15874	1 Dlink	2 Dir-615, Dir-615 Firmware	2024-11-21	6.1 Medium
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
CVE-2018-15839	1 Dlink	2 Dir-615, Dir-615 Firmware	2024-11-21	9.8 Critical
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.
CVE-2018-10431	2 D-link, Dlink	2 Dir-615 Firmware, Dir-615	2024-11-21	N/A
D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen.
CVE-2018-10110	2 D-link, Dlink	2 Dir-615 T1 Firmware, Dir-615 T1	2024-11-21	N/A
D-Link DIR-615 T1 devices allow XSS via the Add User feature.

« first previous Page 2 of 2.