Details of VAR-201706-0707

ID

VAR-201706-0707

CVE

CVE-2017-9542

TITLE

D-Link DIR-615 wireless N 300 Authentication vulnerabilities in routers

Trust: 0.8

sources: JVNDB: JVNDB-2017-004856

DESCRIPTION

D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. The D-Link DIR-615 Wireless N300 is a wireless router product from D-Link. A security vulnerability exists in the D-LinkDIR-615 Wireless N300 router that originated from the program unverified password field. This may lead to further attacks

Trust: 2.52

sources: NVD: CVE-2017-9542 // JVNDB: JVNDB-2017-004856 // CNVD: CNVD-2017-12934 // BID: 98992 // VULHUB: VHN-117745

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-12934

AFFECTED PRODUCTS

vendor:	d link	model:	dir-615	scope:	-	version:	-	Trust: 1.4
vendor:	d link	model:	dir-615	scope:	eq	version:	*	Trust: 1.0
vendor:	d link	model:	dir-615 wireless n router	scope:	eq	version:	300	Trust: 0.6
vendor:	d link	model:	dir-615 wireless n router	scope:	eq	version:	3000	Trust: 0.3

sources: CNVD: CNVD-2017-12934 // BID: 98992 // JVNDB: JVNDB-2017-004856 // CNNVD: CNNVD-201706-338 // NVD: CVE-2017-9542

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9542
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-9542
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-12934
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201706-338
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-117745
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-9542
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-12934
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-117745
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-9542
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-12934 // VULHUB: VHN-117745 // JVNDB: JVNDB-2017-004856 // CNNVD: CNNVD-201706-338 // NVD: CVE-2017-9542

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-117745 // JVNDB: JVNDB-2017-004856 // NVD: CVE-2017-9542

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-338

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201706-338

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004856

PATCH

title:	DIR-615	url:	http://www.dlink.com/uk/en/support/product/dir-615-wireless-n-300-router	Trust: 0.8
title:	D-LinkDIR-615 WirelessN300 Router Verifies Patches for Bypassing Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/97360	Trust: 0.6
title:	D-Link DIR-615 Wireless N 300 Repair measures for router security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=70850	Trust: 0.6

sources: CNVD: CNVD-2017-12934 // JVNDB: JVNDB-2017-004856 // CNNVD: CNNVD-201706-338

EXTERNAL IDS

db:	BID	id:	98992	Trust: 3.4
db:	NVD	id:	CVE-2017-9542	Trust: 3.4
db:	JVNDB	id:	JVNDB-2017-004856	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-338	Trust: 0.7
db:	CNVD	id:	CNVD-2017-12934	Trust: 0.6
db:	VULHUB	id:	VHN-117745	Trust: 0.1

sources: CNVD: CNVD-2017-12934 // VULHUB: VHN-117745 // BID: 98992 // JVNDB: JVNDB-2017-004856 // CNNVD: CNNVD-201706-338 // NVD: CVE-2017-9542

REFERENCES

url:	https://www.facebook.com/tigerboy777/videos/1368513696568992/	Trust: 3.1
url:	http://www.securityfocus.com/bid/98992	Trust: 3.1
url:	https://twitter.com/tiger_tigerboy/status/873458088321220609	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9542	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9542	Trust: 0.8
url:	http://www.dlink.com/	Trust: 0.3

sources: CNVD: CNVD-2017-12934 // VULHUB: VHN-117745 // BID: 98992 // JVNDB: JVNDB-2017-004856 // CNNVD: CNNVD-201706-338 // NVD: CVE-2017-9542

CREDITS

Sachin Wagh

Trust: 0.3

sources: BID: 98992

SOURCES

db:	CNVD	id:	CNVD-2017-12934
db:	VULHUB	id:	VHN-117745
db:	BID	id:	98992
db:	JVNDB	id:	JVNDB-2017-004856
db:	CNNVD	id:	CNNVD-201706-338
db:	NVD	id:	CVE-2017-9542

LAST UPDATE DATE

2025-04-20T23:22:21.035000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-12934	date:	2017-07-05T00:00:00
db:	VULHUB	id:	VHN-117745	date:	2017-06-22T00:00:00
db:	BID	id:	98992	date:	2017-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-004856	date:	2017-07-10T00:00:00
db:	CNNVD	id:	CNNVD-201706-338	date:	2023-04-27T00:00:00
db:	NVD	id:	CVE-2017-9542	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-12934	date:	2017-07-05T00:00:00
db:	VULHUB	id:	VHN-117745	date:	2017-06-11T00:00:00
db:	BID	id:	98992	date:	2017-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-004856	date:	2017-07-10T00:00:00
db:	CNNVD	id:	CNNVD-201706-338	date:	2017-06-12T00:00:00
db:	NVD	id:	CVE-2017-9542	date:	2017-06-11T23:29:00.167