Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-7247

CWE-200 — Information Exposure4 documents4 sources

Severity

9.8CRITICAL

EPSS

30.9%

top 3.26%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

D-link Dvg-n5402sp Firmware

Timeline

PublishedApr 24

Latest updateMay 17

Description

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDd-link/dvg-n5402sp_firmwarew1000cn-00, w1000cn-03, w2000en-00+2

🔴Vulnerability Details

GHSA

GHSA-p72r-g2h2-xjj2: D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and↗2022-05-17

▶

CVEList

CVE-2015-7247: D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and↗2017-04-24

▶

💥Exploits & PoCs

Exploit-DB

D-Link DVGN5402SP - Multiple Vulnerabilities↗2016-02-04

▶