Details of VAR-201710-0546

ID

VAR-201710-0546

CVE

CVE-2017-15909

TITLE

D-Link DGS-1500 Ax Vulnerabilities related to the use of hard-coded credentials in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009642

DESCRIPTION

D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. D-Link DGS-1500 Ax Device firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDGS-1500Axdevices is a switch device from D-Link. D-Link DGS-1500 Ax Products are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device. Versions prior to D-Link DGS-1500 Ax 2.51B021 are vulnerable

Trust: 2.52

sources: NVD: CVE-2017-15909 // JVNDB: JVNDB-2017-009642 // CNVD: CNVD-2017-35893 // BID: 101576 // VULHUB: VHN-106778

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-35893

AFFECTED PRODUCTS

vendor:	dlink	model:	dgs-1500	scope:	eq	version:	2.10.002	Trust: 1.0
vendor:	dlink	model:	dgs-1500	scope:	eq	version:	2.50.008	Trust: 1.0
vendor:	dlink	model:	dgs-1500	scope:	eq	version:	2.51.005	Trust: 1.0
vendor:	d link	model:	dgs-1500	scope:	lt	version:	2.51b021	Trust: 0.8
vendor:	d link	model:	dgs-1500 ax devices <2.51b021	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dgs-1500	scope:	eq	version:	2.51.005	Trust: 0.6
vendor:	d link	model:	dgs-1500	scope:	eq	version:	2.10.002	Trust: 0.6
vendor:	d link	model:	dgs-1500	scope:	eq	version:	2.50.008	Trust: 0.6
vendor:	d link	model:	dgs-1500 ax	scope:	eq	version:	2.4	Trust: 0.3
vendor:	d link	model:	dgs-1500 ax	scope:	eq	version:	2.3	Trust: 0.3
vendor:	d link	model:	dgs-1500 ax	scope:	eq	version:	2.2	Trust: 0.3
vendor:	d link	model:	dgs-1500 ax	scope:	eq	version:	2.1	Trust: 0.3
vendor:	d link	model:	dgs-1500 ax	scope:	eq	version:	2.0	Trust: 0.3
vendor:	d link	model:	dgs-1500 ax 2.51b021	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2017-35893 // BID: 101576 // JVNDB: JVNDB-2017-009642 // CNNVD: CNNVD-201710-1229 // NVD: CVE-2017-15909

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-15909
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-15909
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-35893
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201710-1229
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-106778
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-15909
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-35893
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-106778
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-15909
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-35893 // VULHUB: VHN-106778 // JVNDB: JVNDB-2017-009642 // CNNVD: CNNVD-201710-1229 // NVD: CVE-2017-15909

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-106778 // JVNDB: JVNDB-2017-009642 // NVD: CVE-2017-15909

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-1229

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201710-1229

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009642

PATCH

title:	DGS-1500 Series Firmware Patch Notes (DGS-1500-52)	url:	ftp://ftp2.dlink.com/PRODUCTS/DGS-1500-52/REVA/DGS-1500_REVA_FIRMWARE_PATCH_NOTES_2.51.021_EN.pdf	Trust: 0.8
title:	DGS-1500 Series Firmware Patch Notes (DGS-1500-20)	url:	ftp://ftp2.dlink.com/PRODUCTS/DGS-1500-20/REVA/DGS-1500_REVA_FIRMWARE_PATCH_NOTES_2.51.021_EN.pdf	Trust: 0.8
title:	DGS-1500 Series Firmware Patch Notes (DGS-1500-28)	url:	ftp://ftp2.dlink.com/PRODUCTS/DGS-1500-28/REVA/DGS-1500_REVA_FIRMWARE_PATCH_NOTES_2.51.021_EN.pdf	Trust: 0.8
title:	DGS-1500 Series Firmware Patch Notes (DGS-1500-28P)	url:	ftp://ftp2.dlink.com/PRODUCTS/DGS-1500-28P/REVA/DGS-1500_REVA_FIRMWARE_PATCH_NOTES_2.51.021_EN.pdf	Trust: 0.8
title:	D-LinkDGS-1500Ax device hardcoded password vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/107605	Trust: 0.6
title:	D-Link DGS-1500 Ax Repair measures for device security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=76018	Trust: 0.6

sources: CNVD: CNVD-2017-35893 // JVNDB: JVNDB-2017-009642 // CNNVD: CNNVD-201710-1229

EXTERNAL IDS

db:	NVD	id:	CVE-2017-15909	Trust: 3.4
db:	JVNDB	id:	JVNDB-2017-009642	Trust: 0.8
db:	CNVD	id:	CNVD-2017-35893	Trust: 0.6
db:	CNNVD	id:	CNNVD-201710-1229	Trust: 0.6
db:	BID	id:	101576	Trust: 0.4
db:	VULHUB	id:	VHN-106778	Trust: 0.1

sources: CNVD: CNVD-2017-35893 // VULHUB: VHN-106778 // BID: 101576 // JVNDB: JVNDB-2017-009642 // CNNVD: CNNVD-201710-1229 // NVD: CVE-2017-15909

REFERENCES

url:	ftp://ftp2.dlink.com/products/dgs-1500-20/reva/dgs-1500_reva_firmware_patch_notes_2.51.021_en.pdf	Trust: 2.3
url:	ftp://ftp2.dlink.com/products/dgs-1500-28/reva/dgs-1500_reva_firmware_patch_notes_2.51.021_en.pdf	Trust: 2.0
url:	ftp://ftp2.dlink.com/products/dgs-1500-28p/reva/dgs-1500_reva_firmware_patch_notes_2.51.021_en.pdf	Trust: 1.7
url:	ftp://ftp2.dlink.com/products/dgs-1500-52/reva/dgs-1500_reva_firmware_patch_notes_2.51.021_en.pdf	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15909	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15909	Trust: 0.8
url:	http://www.dlink.com/	Trust: 0.3

sources: CNVD: CNVD-2017-35893 // VULHUB: VHN-106778 // BID: 101576 // JVNDB: JVNDB-2017-009642 // CNNVD: CNNVD-201710-1229 // NVD: CVE-2017-15909

CREDITS

David Manouchehr

Trust: 0.3

sources: BID: 101576

SOURCES

db:	CNVD	id:	CNVD-2017-35893
db:	VULHUB	id:	VHN-106778
db:	BID	id:	101576
db:	JVNDB	id:	JVNDB-2017-009642
db:	CNNVD	id:	CNNVD-201710-1229
db:	NVD	id:	CVE-2017-15909

LAST UPDATE DATE

2025-04-20T23:04:08.667000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-35893	date:	2017-12-01T00:00:00
db:	VULHUB	id:	VHN-106778	date:	2017-11-15T00:00:00
db:	BID	id:	101576	date:	2017-12-19T20:00:00
db:	JVNDB	id:	JVNDB-2017-009642	date:	2017-11-17T00:00:00
db:	CNNVD	id:	CNNVD-201710-1229	date:	2023-04-27T00:00:00
db:	NVD	id:	CVE-2017-15909	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-35893	date:	2017-12-01T00:00:00
db:	VULHUB	id:	VHN-106778	date:	2017-10-26T00:00:00
db:	BID	id:	101576	date:	2017-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-009642	date:	2017-11-17T00:00:00
db:	CNNVD	id:	CNNVD-201710-1229	date:	2017-10-25T00:00:00
db:	NVD	id:	CVE-2017-15909	date:	2017-10-26T03:29:00.267