Vulnerability Details : CVE-2017-9542
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device.
Vulnerability category: BypassGain privilege
Products affected by CVE-2017-9542
- cpe:2.3:o:d-link:dir-615_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-9542
0.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 67 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-9542
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-9542
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-9542
-
https://twitter.com/tiger_tigerboy/status/873458088321220609
Sachin Wagh on Twitter: "D-Link DIR-615 Wireless N 300 Router Authentication Bypass Vulnerability https://t.co/k6Q8eu4RKv"Third Party Advisory
-
http://www.securityfocus.com/bid/98992
D-Link DIR-615 Wireless N 300 Router CVE-2017-9542 Authentication Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://www.facebook.com/tigerBOY777/videos/1368513696568992/
Sachin Wagh - #I_am_Back #After_Long_Days...Permissions Required
Jump to