ID

VAR-201704-1487


CVE

CVE-2017-7398


TITLE

D-Link DIR-615 T1 Cross-site request forgery vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-002952

DESCRIPTION

D-Link DIR-615 HW: T1 FW: 20.09 is vulnerable to Cross-Site Request Forgery (CSRF). This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password. D-Link DIR-615 T1 contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-615 is a wireless router product from D-Link. A remote attacker could exploit this vulnerability by sending a specially crafted request to change the administrator password and network policy.

Trust: 2.25

sources: NVD: CVE-2017-7398 // JVNDB: JVNDB-2017-002952 // CNVD: CNVD-2017-05515 // VULHUB: VHN-115601

IOT TAXONOMY

category: ['IoT', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-05515

AFFECTED PRODUCTS

vendor: d link, model: dir-615, scope: eq, version: 20.09

Trust: 2.4

vendor: d link, model: dir-615 hw: t1 fw:20.09, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2017-05515 // JVNDB: JVNDB-2017-002952 // NVD: CVE-2017-7398 // CNNVD: CNNVD-201704-145

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-7398
value: HIGH

Trust: 1.8

CNVD: CNVD-2017-05515
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-145
value: HIGH

Trust: 0.6

VULHUB: VHN-115601
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2017-7398
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-05515
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-115601
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2017-7398
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-05515 // VULHUB: VHN-115601 // JVNDB: JVNDB-2017-002952 // NVD: CVE-2017-7398 // CNNVD: CNNVD-201704-145

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-115601 // JVNDB: JVNDB-2017-002952 // NVD: CVE-2017-7398

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-145

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201704-145

CONFIGURATIONS

sources: NVD: CVE-2017-7398

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-115601

PATCH

title: DIR-615, url: http://www.dlink.ru/ru/products/5/2067.html

Trust: 0.8

title: D-LinkDIR615HW cross-site request forgery vulnerability patch, url: https://www.cnvd.org.cn/patchinfo/show/92185

Trust: 0.6

sources: CNVD: CNVD-2017-05515 // JVNDB: JVNDB-2017-002952

EXTERNAL IDS

db: NVD, id: CVE-2017-7398

Trust: 3.1

db: EXPLOIT-DB, id: 41821

Trust: 1.7

db: JVNDB, id: JVNDB-2017-002952

Trust: 0.8

db: CNNVD, id: CNNVD-201704-145

Trust: 0.7

db: CXSECURITY, id: WLB-2017040008

Trust: 0.6

db: CNVD, id: CNVD-2017-05515

Trust: 0.6

db: PACKETSTORM, id: 141924

Trust: 0.1

db: VULHUB, id: VHN-115601

Trust: 0.1

sources: CNVD: CNVD-2017-05515 // VULHUB: VHN-115601 // JVNDB: JVNDB-2017-002952 // NVD: CVE-2017-7398 // CNNVD: CNNVD-201704-145

REFERENCES

url: http://seclists.org/fulldisclosure/2017/apr/4

Trust: 2.5

url: https://www.exploit-db.com/exploits/41821/

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7398

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-7398

Trust: 0.8

url: https://cxsecurity.com/issue/wlb-2017040008

Trust: 0.6

sources: CNVD: CNVD-2017-05515 // VULHUB: VHN-115601 // JVNDB: JVNDB-2017-002952 // NVD: CVE-2017-7398 // CNNVD: CNNVD-201704-145

SOURCES

db: CNVD, id: CNVD-2017-05515
db: VULHUB, id: VHN-115601
db: JVNDB, id: JVNDB-2017-002952
db: NVD, id: CVE-2017-7398
db: CNNVD, id: CNNVD-201704-145

LAST UPDATE DATE

2023-12-18T14:01:38.869000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-05515, date: 2017-04-27T00:00:00
db: VULHUB, id: VHN-115601, date: 2017-08-16T00:00:00
db: JVNDB, id: JVNDB-2017-002952, date: 2017-05-09T00:00:00
db: NVD, id: CVE-2017-7398, date: 2023-04-26T18:55:30.893
db: CNNVD, id: CNNVD-201704-145, date: 2023-04-27T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-05515, date: 2017-04-27T00:00:00
db: VULHUB, id: VHN-115601, date: 2017-04-04T00:00:00
db: JVNDB, id: JVNDB-2017-002952, date: 2017-05-09T00:00:00
db: NVD, id: CVE-2017-7398, date: 2017-04-04T14:59:00.273
db: CNNVD, id: CNNVD-201704-145, date: 2017-04-07T00:00:00