Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-42627

4 documents4 sources

Severity

9.8CRITICAL

EPSS

74.3%

top 1.16%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Dlink Dir-615 Firmware Dlink Dir-615 J1 Firmware Dlink Dir-615 T1 Firmware +1 more

Timeline

PublishedAug 23

Latest updateAug 24

Description

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDdlink/dir-615_firmware20.06

▶NVDdlink/dir-615_j1_firmware20.06

▶NVDdlink/dir-615_t1_firmware20.06

▶NVDdlink/dir-615jx10_firmware20.06

🔴Vulnerability Details

GHSA

GHSA-v9x5-7566-775w: The WAN configuration page "wan↗2022-08-24

▶

CVEList

CVE-2021-42627: The WAN configuration page "wan↗2022-08-23

▶

💥Exploits & PoCs

Nuclei

D-Link DIR-615 - Unauthorized Access

▶