CVE-2009-4821

CWE-287Improper Authentication3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.2%
top 58.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-615
Timeline
PublishedApr 27
Latest updateMay 2

Description

The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDdlink/dir-6153.10na

🔴Vulnerability Details

2
GHSA
GHSA-rvfw-993v-9jc5: The D-Link DIR-615 with firmware 32022-05-02
CVEList
CVE-2009-4821: The D-Link DIR-615 with firmware 32010-04-27
CVE-2009-4821 (MEDIUM CVSS 5) | The D-Link DIR-615 with firmware 3. | cvebase.io