Dlink

Dir-615 Firmware

14 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2018-25115

Exploit
  • EPSS 0.52%
  • Published 27.08.2025 21:24:23
  • Last modified 24.09.2025 18:03:34

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system comman...

8.8

CVE-2013-10050

Exploit
  • EPSS 0.35%
  • Published 01.08.2025 20:39:00
  • Last modified 23.09.2025 17:38:12

An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in...

5.3

CVE-2024-0717

Exploit
  • EPSS 28.39%
  • Published 19.01.2024 16:15:11
  • Last modified 21.11.2024 08:47:12

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, D...

9.8

CVE-2021-42627

  • EPSS 49.71%
  • Published 23.08.2022 12:15:08
  • Last modified 21.11.2024 06:27:52

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of p...

6.5

CVE-2021-40654

Exploit
  • EPSS 0.83%
  • Published 24.09.2021 21:15:07
  • Last modified 21.11.2024 06:24:31

An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page

9.8

CVE-2021-37388

Exploit
  • EPSS 3.43%
  • Published 06.08.2021 12:15:07
  • Last modified 21.11.2024 06:15:03

A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution.

8.8

CVE-2019-17525

Exploit
  • EPSS 13.06%
  • Published 21.04.2020 19:15:12
  • Last modified 21.11.2024 04:32:26

The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.

4.8

CVE-2019-19742

Exploit
  • EPSS 4.59%
  • Published 18.12.2019 13:15:11
  • Last modified 21.11.2024 04:35:17

On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.

8.2

CVE-2019-17353

  • EPSS 0.63%
  • Published 09.10.2019 12:15:10
  • Last modified 21.11.2024 04:32:09

An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modif...

10

CVE-2019-16920

Warning Exploit
  • EPSS 94.34%
  • Published 27.09.2019 12:15:10
  • Last modified 03.04.2025 19:51:22

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common i...