CVE-2021-40654

CWE-863Incorrect AuthorizationCWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.7%
top 28.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-615 Firmware
Timeline
PublishedSep 24
Latest updateMay 24

Description

An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-p2mh-gfcc-wfpp: An information disclosure issue exist in D-LINK-DIR-615 B2 22022-05-24
CVEList
CVE-2021-40654: An information disclosure issue exist in D-LINK-DIR-615 B2 22021-09-24
CVE-2021-40654 (MEDIUM CVSS 6.5) | An information disclosure issue exi | cvebase.io