VYPR

Dir 615

by Dlink

CVEs (26)

  • CVE-2018-15839CriAug 28, 2018
    risk 0.70cvss 9.8epss 0.45

    D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.

  • CVE-2013-10050HigAug 1, 2025
    risk 0.67cvss 8.8epss 0.10

    An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing…

  • CVE-2017-11436CriJul 19, 2017
    risk 0.64cvss 9.8epss 0.02

    D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.

  • CVE-2017-7406CriJul 7, 2017
    risk 0.64cvss 9.8epss 0.01

    The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being…

  • CVE-2017-7405CriJul 7, 2017
    risk 0.64cvss 9.8epss 0.02

    On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being…

  • CVE-2017-9542CriJun 11, 2017
    risk 0.64cvss 9.8epss 0.05

    D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device.

  • CVE-2017-7404HigJul 7, 2017
    risk 0.57cvss 8.8epss 0.01

    On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host a page…

  • CVE-2018-10431HigApr 26, 2018
    risk 0.47cvss 7.2epss 0.03

    D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen.

  • CVE-2018-15875MedAug 25, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.

  • CVE-2018-15874MedAug 25, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.

  • CVE-2013-10059Aug 1, 2025
    risk 0.09cvss epss 0.19

    An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input passed from the ping_ipaddr parameter to the tools_vct.htm…

  • CVE-2021-42627Aug 23, 2022
    risk 0.06cvss epss 0.67

    The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.

  • CVE-2019-17525Apr 21, 2020
    risk 0.04cvss epss 0.06

    The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.

  • CVE-2019-19743Dec 16, 2019
    risk 0.04cvss epss 0.09

    On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal.

  • CVE-2019-19742Dec 18, 2019
    risk 0.03cvss epss 0.20

    On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.

  • CVE-2024-0717Jan 19, 2024
    risk 0.02cvss epss 0.18

    A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S,…

  • CVE-2026-2152Feb 8, 2026
    risk 0.00cvss epss 0.05

    A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command injection. The attack may be…

  • CVE-2026-2151Feb 8, 2026
    risk 0.00cvss epss 0.04

    A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr  leads to os command injection. The attack can be launched remotely. The exploit has…

  • CVE-2026-1506Jan 28, 2026
    risk 0.00cvss epss 0.05

    A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /adv_mac_filter.php of the component MAC Filter Configuration. This manipulation of the argument mac causes os command injection. The attack is possible to be carried out remotely.…

  • CVE-2026-1505Jan 28, 2026
    risk 0.00cvss epss 0.04

    A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and…

Page 1 of 2