Critical severity9.8NVD Advisory· Published Apr 24, 2017· Updated May 13, 2026

CVE-2015-7247

Description

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.

Affected products

D-Link/Dvg N5402sp Firmware3 versions
cpe:2.3:o:d-link:dvg-n5402sp_firmware:w1000cn-00:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:d-link:dvg-n5402sp_firmware:w1000cn-00:*:*:*:*:*:*:*
- cpe:2.3:o:d-link:dvg-n5402sp_firmware:w1000cn-03:*:*:*:*:*:*:*
- cpe:2.3:o:d-link:dvg-n5402sp_firmware:w2000en-00:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.htmlnvdExploitThird Party AdvisoryVDB Entry
seclists.org/fulldisclosure/2016/Feb/24nvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/39409/nvdExploitThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.025
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000