Filtered by vendor Dlink Subscriptions
Filtered by product Dir-615 Firmware Subscriptions
Total 12 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-0717 1 Dlink 88 Dap-1360, Dap-1360 Firmware, Dir-1210 and 85 more 2024-11-21 5.3 Medium
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
CVE-2021-42627 1 Dlink 8 Dir-615, Dir-615 Firmware, Dir-615 J1 and 5 more 2024-11-21 9.8 Critical
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.
CVE-2021-40654 1 Dlink 2 Dir-615, Dir-615 Firmware 2024-11-21 6.5 Medium
An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page
CVE-2021-37388 1 Dlink 2 Dir-615, Dir-615 Firmware 2024-11-21 9.8 Critical
A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution.
CVE-2019-19742 1 Dlink 2 Dir-615, Dir-615 Firmware 2024-11-21 4.8 Medium
On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
CVE-2019-17525 1 Dlink 2 Dir-615, Dir-615 Firmware 2024-11-21 8.8 High
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.
CVE-2019-17353 1 Dlink 2 Dir-615, Dir-615 Firmware 2024-11-21 8.2 High
An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.
CVE-2019-16920 1 Dlink 20 Dap-1533, Dap-1533 Firmware, Dhp-1565 and 17 more 2024-11-21 9.8 Critical
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
CVE-2018-15875 1 Dlink 2 Dir-615, Dir-615 Firmware 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
CVE-2018-15874 1 Dlink 2 Dir-615, Dir-615 Firmware 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
CVE-2018-15839 1 Dlink 2 Dir-615, Dir-615 Firmware 2024-11-21 9.8 Critical
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.
CVE-2014-8361 3 Aterm, Dlink, Realtek 49 W1200ex, W1200ex-ms, W1200ex-ms Firmware and 46 more 2024-11-21 9.8 Critical
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.