On the D-Link DIR-615 before v20.12PTb04, if a victim who is logged in to the router's web interface visits a malicious site in another browser tab, the malicious site can then send requests to the victim's router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload firmware to the victim's router. This causes the router to reboot/crash, resulting in denial of service. An attacker may succeed in uploading malicious firmware.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T16:04:10.592Z

Reserved: 2017-04-03T00:00:00

Link: CVE-2017-7404

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2017-07-07T12:29:00.260

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-7404

Redhat

No data.

OpenCVE Enrichment

No data.