VAR-201403-0713
Vulnerability from variot - Updated: 2022-05-17 02:01The D-Link DIR-615 is a router device. There are several security vulnerabilities in D-Link DIR-615: 1. There is a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious operations in the target user context, such as changing device configuration. 2. The application fails to properly restrict access to certain requests, allowing an attacker to exploit the vulnerability to obtain sensitive information. D-Link DIR-615 is a small wireless router product from D-Link. There are multiple security vulnerabilities in D-Link DIR-615 routers running 5.10 and earlier firmware, including: 1. Authentication bypass vulnerability 2. Cross-site request forgery vulnerability 3. HTML injection vulnerability 4. Information leakage vulnerability Attackers can use these vulnerabilities to execute HTML and arbitrary script code in the context of the affected device, steal cookie-based authentication, bypass authentication mechanisms, or obtain sensitive information. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201403-0713",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-615",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-615",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "5.10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01855"
},
{
"db": "BID",
"id": "66286"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "66286"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-01855",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2014-01855",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01855"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The D-Link DIR-615 is a router device. There are several security vulnerabilities in D-Link DIR-615: 1. There is a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious operations in the target user context, such as changing device configuration. 2. The application fails to properly restrict access to certain requests, allowing an attacker to exploit the vulnerability to obtain sensitive information. D-Link DIR-615 is a small wireless router product from D-Link. \nThere are multiple security vulnerabilities in D-Link DIR-615 routers running 5.10 and earlier firmware, including: 1. Authentication bypass vulnerability 2. Cross-site request forgery vulnerability 3. HTML injection vulnerability 4. Information leakage vulnerability Attackers can use these vulnerabilities to execute HTML and arbitrary script code in the context of the affected device, steal cookie-based authentication, bypass authentication mechanisms, or obtain sensitive information. Other attacks are also possible",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01855"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-532"
},
{
"db": "BID",
"id": "66286"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "DLINK",
"id": "SAP10016",
"trust": 0.9
},
{
"db": "BID",
"id": "66286",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "57268",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-01855",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201403-532",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01855"
},
{
"db": "BID",
"id": "66286"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-532"
}
]
},
"id": "VAR-201403-0713",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01855"
}
],
"trust": 1.256446
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01855"
}
]
},
"last_update_date": "2022-05-17T02:01:12.600000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.9,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10016"
},
{
"trust": 0.6,
"url": "http://security-geek.in/blog/dlink-dir-615-hardware-ve4-firmware-v5-10-csrf-vulnerability/"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/57268/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/66286"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01855"
},
{
"db": "BID",
"id": "66286"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-532"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-01855"
},
{
"db": "BID",
"id": "66286"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-532"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01855"
},
{
"date": "2014-03-17T00:00:00",
"db": "BID",
"id": "66286"
},
{
"date": "2014-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-532"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-03-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01855"
},
{
"date": "2014-03-17T00:00:00",
"db": "BID",
"id": "66286"
},
{
"date": "2014-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201403-532"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201403-532"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DIR-615 Multiple Security Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "66286"
},
{
"db": "CNNVD",
"id": "CNNVD-201403-532"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "66286"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…