CVE-2017-7404

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 versions prior to 20.12PTb04

Description The issue allows an attacker to send requests to the victim's router without knowing the credentials, due to a CSRF vulnerability. If a victim logs in to the router's web interface and visits a malicious site from another browser tab, the malicious site can send a POST request to "Form2File.htm" to upload firmware to the victim's router. This can cause the router to reboot or crash, resulting in a Denial of Service. An attacker may also succeed in uploading malicious firmware.

Recommendations For D-Link DIR-615 versions prior to 20.12PTb04, update to version 20.12PTb04 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Form2File.htm" endpoint to minimize the risk of exploitation. Avoid using the router's web interface while browsing other sites to reduce the risk of CSRF attacks.