ID

VAR-201403-0713


TITLE

D-Link DIR-615 Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 66286 // CNNVD: CNNVD-201403-532

DESCRIPTION

The D-Link DIR-615 is a router device. There are several security vulnerabilities in D-Link DIR-615:
1. A cross-site request forgery vulnerability allows remote attackers to craft malicious URIs, entice users to open them, and perform malicious operations in the target user's context, such as changing the device configuration.
2. The application fails to properly restrict access to certain requests, allowing an attacker to exploit the vulnerability to obtain sensitive information.

D-Link DIR-615 is a small wireless router product from D-Link. There are multiple security vulnerabilities in D-Link DIR-615 routers running firmware 5.10 and earlier, including:
1. Authentication bypass vulnerability
2. Cross-site request forgery vulnerability
3. HTML injection vulnerability
4. Information leakage vulnerability

Attackers can use these vulnerabilities to execute HTML and arbitrary script code in the context of the affected device, steal cookie-based authentication credentials, bypass authentication mechanisms, or obtain sensitive information. Other attacks are also possible.

Trust: 1.35

sources: CNVD: CNVD-2014-01855 // CNNVD: CNNVD-201403-532 // BID: 66286

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-01855

AFFECTED PRODUCTS

vendor: d link, model: dir-615, scope: -, version: -

Trust: 0.6

vendor: d link, model: dir-615, scope: eq, version: 5.10

Trust: 0.3

sources: CNVD: CNVD-2014-01855 // BID: 66286

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-01855
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2014-01855
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-01855

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-532

TYPE

Unknown

Trust: 0.3

sources: BID: 66286

EXTERNAL IDS

db: DLINK, id: SAP10016

Trust: 0.9

db: BID, id: 66286

Trust: 0.9

db: SECUNIA, id: 57268

Trust: 0.6

db: CNVD, id: CNVD-2014-01855

Trust: 0.6

db: CNNVD, id: CNNVD-201403-532

Trust: 0.6

sources: CNVD: CNVD-2014-01855 // BID: 66286 // CNNVD: CNNVD-201403-532

REFERENCES

url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10016

Trust: 0.9

url:http://security-geek.in/blog/dlink-dir-615-hardware-ve4-firmware-v5-10-csrf-vulnerability/

Trust: 0.6

url:http://secunia.com/advisories/57268/

Trust: 0.6

url:http://www.securityfocus.com/bid/66286

Trust: 0.6

url:http://www.dlink.com/

Trust: 0.3

sources: CNVD: CNVD-2014-01855 // BID: 66286 // CNNVD: CNNVD-201403-532

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 66286

SOURCES

db: CNVD, id: CNVD-2014-01855
db: BID, id: 66286
db: CNNVD, id: CNNVD-201403-532

LAST UPDATE DATE

2022-05-17T02:01:12.600000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-01855, date: 2014-03-21T00:00:00
db: BID, id: 66286, date: 2014-03-17T00:00:00
db: CNNVD, id: CNNVD-201403-532, date: 2014-03-28T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-01855, date: 2014-03-21T00:00:00
db: BID, id: 66286, date: 2014-03-17T00:00:00
db: CNNVD, id: CNNVD-201403-532, date: 2014-03-28T00:00:00