CVE-2023-41603 : D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions fo

D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6.

Published 2024-01-10 08:15:38

Updated 2024-01-12 19:13:05

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2023-41603

Dlink » R15 Firmware
Versions up to, including, (<=) 1.08.02
cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dlink » R15 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-41603

EPSS FAQ

0.20%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 40 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-41603

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST	2024-01-12
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2023-41603

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347

D-Link Technical Support
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-41603

Products affected by CVE-2023-41603

Exploit prediction scoring system (EPSS) score for CVE-2023-41603

CVSS scores for CVE-2023-41603

References for CVE-2023-41603