PT-2017-17714 · D Link · D-Link Dir-615

Published

2017-07-07

Updated

2021-04-23

CVE-2017-7406

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 versions prior to 20.12PTb04

Description The issue allows an attacker to steal user credentials by monitoring network traffic, as the device does not use SSL for authenticated pages and does not allow users to generate their own SSL certificates.

Recommendations For versions prior to 20.12PTb04, update to version 20.12PTb04 or later to resolve the issue. As a temporary workaround, consider restricting access to the device's web interface to minimize the risk of exploitation. Avoid using the device's web interface over unsecured networks until the issue is resolved.

Fix

Missing Encryption of Sensitive Data

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311CWE-295

Related Identifiers

CVE-2017-7406

Affected Products

D-Link Dir-615

PT-2017-17714 · D Link · D-Link Dir-615

CVE-2017-7406

Weakness Enumeration

Related Identifiers

Affected Products

References · 4