Vulnerabilities > Dlink > DIR 615
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-21 | CVE-2019-17525 | Improper Restriction of Excessive Authentication Attempts vulnerability in Dlink Dir-615 Firmware 20.10 The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks. | 4.0 |
| 2017-07-19 | CVE-2017-11436 | Use of Hard-coded Credentials vulnerability in Dlink Dir-615 20.12Ptb01 D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. | 7.5 |
| 2017-07-07 | CVE-2017-7406 | Missing Encryption of Sensitive Data vulnerability in Dlink Dir-615 20.12Ptb01 The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. | 5.0 |
| 2017-07-07 | CVE-2017-7405 | Improper Authentication vulnerability in Dlink Dir-615 20.12Ptb01 On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. | 7.5 |
| 2017-07-07 | CVE-2017-7404 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-615 20.12Ptb01 On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). | 6.8 |
| 2010-04-27 | CVE-2009-4821 | Improper Authentication vulnerability in Dlink Dir-615 3.10Na The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors. | 5.0 |