Dir 615 Firmware
by Dlink
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-8361 | Cri | 0.87 | 9.8 | 1.00 | KEV | May 1, 2015 | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. | |
| CVE-2013-10050 | Hig | 0.67 | 8.8 | 0.10 | Aug 1, 2025 | An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing… | ||
| CVE-2017-9542 | Cri | 0.64 | 9.8 | 0.05 | Jun 11, 2017 | D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. | ||
| CVE-2017-7398 | Hig | 0.60 | 8.8 | 0.03 | Apr 4, 2017 | D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from… |
- risk 0.87cvss 9.8epss 1.00
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
- risk 0.67cvss 8.8epss 0.10
An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing…
- risk 0.64cvss 9.8epss 0.05
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device.
- risk 0.60cvss 8.8epss 0.03
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from…