CRITICAL🇵🇱 Wersja polska

CVE-2021-42627

CVSS 9.8v3.1pub. 2022-08-23upd. 2026-07-05

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dir 615

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 615 Firmware

    OS
    Dlink
    20.06
  • Dlink Dir 615 J1

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 615 J1 Firmware

    OS
    Dlink
    20.06
  • Dlink Dir 615jx10

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 615jx10 Firmware

    OS
    Dlink
    20.06
  • Dlink Dir 615 T1

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 615 T1 Firmware

    OS
    Dlink
    20.06
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-16920CRITICAL9.8⚠ KEVten sam produkt

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1...

CVE-2014-8361CRITICAL9.8⚠ KEVten sam produkt

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInt...

CVE-2018-25115CRITICAL10.0PL ✓ten sam produkt

D-Link DIR-series — nieuwierzytelniony command injection w service.cgi (root RCE)

CVE-2021-37388CRITICAL9.8ten sam produkt

A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request all...

CVE-2019-18852CRITICAL9.8ten sam produkt

Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/i...