CVE-2017-7405 - OpenCVE

On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Dir-615

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-615:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-615:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip
https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-07T12:00:00

Updated: 2024-08-05T16:04:10.592Z

Reserved: 2017-04-03T00:00:00

Link: CVE-2017-7405

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-07-07T12:29:00.293

Modified: 2021-04-23T14:54:52.760

Link: CVE-2017-7405

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-07T00:00:00", "descriptions": [{"lang": "en", "value": "On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-07T11:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip"}, {"tags": ["x_refsource_MISC"], "url": "https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7405", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip", "refsource": "MISC", "url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip"}, {"name": "https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf", "refsource": "MISC", "url": "https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:04:10.592Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7405", "datePublished": "2017-07-07T12:00:00", "dateReserved": "2017-04-03T00:00:00", "dateUpdated": "2024-08-05T16:04:10.592Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-615:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1744224-B87C-4342-AC97-21668EB17709", "versionEndIncluding": "20.12ptb01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-615:*:*:*:*:*:*:*:*", "matchCriteriaId": "05E1CAC5-130B-4B49-85B9-DEEA5ED57B61", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials."}, {"lang": "es", "value": "En D-Link DIR-615 en versiones anteriores a la v20.12PTb04, una vez autenticado, el dispositivo identifica al usuario bas\u00e1ndose en la direcci\u00f3n IP de su m\u00e1quina. Al suplantar la direcci\u00f3n IP perteneciente al host de la v\u00edctima, un atacante podr\u00eda ser capaz de asumir el control de la sesi\u00f3n administrativa sin que se le pidan credenciales de autenticaci\u00f3n. Un atacante puede conseguir las direcciones IP de la v\u00edctima y del router suplantando el tr\u00e1fico de red. Adem\u00e1s, si al v\u00edctima tiene el acceso web habilitado en su router y est\u00e1 accediendo a la interfaz web desde una red distinta que est\u00e1 detr\u00e1s del NAT/Proxy, un atacante puede suplantar el tr\u00e1fico de red para conocer la direcci\u00f3n IP p\u00fablica del router de la v\u00edctima y tomar el control de su sesi\u00f3n, ya que no se le pedir\u00e1n credenciales."}], "id": "CVE-2017-7405", "lastModified": "2021-04-23T14:54:52.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-07-07T12:29:00.293", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}