Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-7245

CWE-22Path Traversal5 documents5 sources
Severity
7.5HIGH
EPSS
89.4%
top 0.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
D-link Dvg-n5402sp Firmware
Timeline
PublishedApr 24
Latest updateMay 17

Description

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDd-link/dvg-n5402sp_firmwarew1000cn-00, w1000cn-03, w2000en-00+2

🔴Vulnerability Details

2
GHSA
GHSA-f66m-xgc7-9g7w: Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive2022-05-17
CVEList
CVE-2015-7245: Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive2017-04-24

💥Exploits & PoCs

2
Exploit-DB
D-Link DVG­N5402SP - Multiple Vulnerabilities2016-02-04
Nuclei
D-Link DVG-N5402SP - Local File Inclusion
CVE-2015-7245 (HIGH CVSS 7.5) | Directory traversal vulnerability i | cvebase.io