Vulnerabilities > Dlink > DIR 615

DATE CVE VULNERABILITY TITLE RISK
2017-07-19 CVE-2017-11436 Use of Hard-coded Credentials vulnerability in Dlink Dir-615 20.12Ptb01
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.
network
low complexity
dlink CWE-798
critical
9.8
2017-07-07 CVE-2017-7406 Missing Encryption of Sensitive Data vulnerability in Dlink Dir-615 20.12Ptb01
The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages.
network
low complexity
dlink CWE-311
critical
9.8
2017-07-07 CVE-2017-7405 Improper Authentication vulnerability in Dlink Dir-615 20.12Ptb01
On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine.
network
low complexity
dlink CWE-287
critical
9.8
2017-07-07 CVE-2017-7404 Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-615 20.12Ptb01
On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF).
network
low complexity
dlink CWE-352
8.8