ID
VAR-E-201403-0587
TITLE
D-Link DIR-615 Multiple Security Vulnerabilities
Trust: 0.3
DESCRIPTION
D-Link DIR-615 is prone to the following security vulnerabilities:
1. An authentication-bypass vulnerability
2. A cross-site request-forgery vulnerability
3. An HTML-injection vulnerability
4. Multiple information disclosure vulnerabilities
An attacker can exploit these issues to execute HTML and arbitrary script code in the browser of an unsuspecting user in the context of the affected device, steal cookie-based authentication credentials, bypass-authentication mechanisms, or gain access to potentially sensitive information. Other attacks are also possible.
D-Link DIR-615 router running firmware version 5.10 and below are vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | d link | model: | dir-615 | scope: | eq | version: | 5.10 | Trust: 0.3 |
EXPLOIT
An attacker can exploit these issues through readily available tools and a browser. To exploit HTML-injection and cross-site request-forgery issues, the attacker must entice an unsuspecting victim to follow a malicious URI.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
The vendor reported these issues.
Trust: 0.3
EXTERNAL IDS
| db: | DLINK | id: | SAP10016 | Trust: 0.3 |
| db: | BID | id: | 66286 | Trust: 0.3 |
REFERENCES
| url: | http://www.dlink.com/ | Trust: 0.3 |
| url: | http://securityadvisories.dlink.com/security/publication.aspx?name=sap10016 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 66286 |
LAST UPDATE DATE
2022-07-27T09:47:27.391000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 66286 | date: | 2014-03-17T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 66286 | date: | 2014-03-17T00:00:00 |