PT-2017-17714 · D Link · D-Link Dir-615

Publicado

2017-07-07

Atualizado

2021-04-23

CVE-2017-7406

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 versions prior to 20.12PTb04

Description The issue allows an attacker to steal user credentials by monitoring network traffic, as the device does not use SSL for authenticated pages and does not allow users to generate their own SSL certificates.

Recommendations For versions prior to 20.12PTb04, update to version 20.12PTb04 or later to resolve the issue. As a temporary workaround, consider restricting access to the device's web interface to minimize the risk of exploitation. Avoid using the device's web interface over unsecured networks until the issue is resolved.

Correção

Missing Encryption of Sensitive Data

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-311CWE-295

Identificadores relacionados

CVE-2017-7406

Produtos afetados

D-Link Dir-615

PT-2017-17714 · D Link · D-Link Dir-615

CVE-2017-7406

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4