var-201706-0707
Vulnerability from variot
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. The D-Link DIR-615 Wireless N300 is a wireless router product from D-Link. A security vulnerability exists in the D-LinkDIR-615 Wireless N300 router that originated from the program unverified password field. This may lead to further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0707", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "dir-615", "scope": null, "trust": 1.4, "vendor": "d link", "version": null }, { "model": "dir-615", "scope": "eq", "trust": 1.0, "vendor": "d link", "version": "*" }, { "model": "dir-615 wireless n router", "scope": "eq", "trust": 0.6, "vendor": "d link", "version": "300" }, { "model": "dir-615 wireless n router", "scope": "eq", "trust": 0.3, "vendor": "d link", "version": "3000" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-12934" }, { "db": "BID", "id": "98992" }, { "db": "JVNDB", "id": "JVNDB-2017-004856" }, { "db": "CNNVD", "id": "CNNVD-201706-338" }, { "db": "NVD", "id": "CVE-2017-9542" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:d-link:dir-615_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-004856" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sachin Wagh", "sources": [ { "db": "BID", "id": "98992" } ], "trust": 0.3 }, "cve": "CVE-2017-9542", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2017-9542", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2017-12934", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-117745", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2017-9542", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-9542", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2017-9542", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2017-12934", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201706-338", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-117745", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-12934" }, { "db": "VULHUB", "id": "VHN-117745" }, { "db": "JVNDB", "id": "JVNDB-2017-004856" }, { "db": "CNNVD", "id": "CNNVD-201706-338" }, { "db": "NVD", "id": "CVE-2017-9542" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. The D-Link DIR-615 Wireless N300 is a wireless router product from D-Link. A security vulnerability exists in the D-LinkDIR-615 Wireless N300 router that originated from the program unverified password field. This may lead to further attacks", "sources": [ { "db": "NVD", "id": "CVE-2017-9542" }, { "db": "JVNDB", "id": "JVNDB-2017-004856" }, { "db": "CNVD", "id": "CNVD-2017-12934" }, { "db": "BID", "id": "98992" }, { "db": "VULHUB", "id": "VHN-117745" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "98992", "trust": 3.4 }, { "db": "NVD", "id": "CVE-2017-9542", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2017-004856", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201706-338", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2017-12934", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-117745", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-12934" }, { "db": "VULHUB", "id": "VHN-117745" }, { "db": "BID", "id": "98992" }, { "db": "JVNDB", "id": "JVNDB-2017-004856" }, { "db": "CNNVD", "id": "CNNVD-201706-338" }, { "db": "NVD", "id": "CVE-2017-9542" } ] }, "id": "VAR-201706-0707", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2017-12934" }, { "db": "VULHUB", "id": "VHN-117745" } ], "trust": 1.38354702 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT", "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-12934" } ] }, "last_update_date": "2024-11-23T22:59:17.755000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DIR-615", "trust": 0.8, "url": "http://www.dlink.com/uk/en/support/product/dir-615-wireless-n-300-router" }, { "title": "D-LinkDIR-615 WirelessN300 Router Verifies Patches for Bypassing Vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/97360" }, { "title": "D-Link DIR-615 Wireless N 300 Repair measures for router security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=70850" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-12934" }, { "db": "JVNDB", "id": "JVNDB-2017-004856" }, { "db": "CNNVD", "id": "CNNVD-201706-338" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-117745" }, { "db": "JVNDB", "id": "JVNDB-2017-004856" }, { "db": "NVD", "id": "CVE-2017-9542" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.facebook.com/tigerboy777/videos/1368513696568992/" }, { "trust": 3.1, "url": "http://www.securityfocus.com/bid/98992" }, { "trust": 1.7, "url": "https://twitter.com/tiger_tigerboy/status/873458088321220609" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9542" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9542" }, { "trust": 0.3, "url": "http://www.dlink.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-12934" }, { "db": "VULHUB", "id": "VHN-117745" }, { "db": "BID", "id": "98992" }, { "db": "JVNDB", "id": "JVNDB-2017-004856" }, { "db": "CNNVD", "id": "CNNVD-201706-338" }, { "db": "NVD", "id": "CVE-2017-9542" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2017-12934" }, { "db": "VULHUB", "id": "VHN-117745" }, { "db": "BID", "id": "98992" }, { "db": "JVNDB", "id": "JVNDB-2017-004856" }, { "db": "CNNVD", "id": "CNNVD-201706-338" }, { "db": "NVD", "id": "CVE-2017-9542" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-05T00:00:00", "db": "CNVD", "id": "CNVD-2017-12934" }, { "date": "2017-06-11T00:00:00", "db": "VULHUB", "id": "VHN-117745" }, { "date": "2017-06-11T00:00:00", "db": "BID", "id": "98992" }, { "date": "2017-07-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004856" }, { "date": "2017-06-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-338" }, { "date": "2017-06-11T23:29:00.167000", "db": "NVD", "id": "CVE-2017-9542" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-05T00:00:00", "db": "CNVD", "id": "CNVD-2017-12934" }, { "date": "2017-06-22T00:00:00", "db": "VULHUB", "id": "VHN-117745" }, { "date": "2017-06-11T00:00:00", "db": "BID", "id": "98992" }, { "date": "2017-07-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004856" }, { "date": "2023-04-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-338" }, { "date": "2024-11-21T03:36:21.823000", "db": "NVD", "id": "CVE-2017-9542" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-338" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "D-Link DIR-615 wireless N 300 Authentication vulnerabilities in routers", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-004856" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-201706-338" } ], "trust": 0.6 } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…