D-Link DIR-615 firmware vulnerabilities

16 known vulnerabilities affecting dlink/dir-615_firmware.

Total CVEs: 16
CISA KEV: 1 (actively exploited)
Public exploits: 4
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 8, MEDIUM 5

Vulnerabilities

CVE-2026-2151 | HIGH | CVSS 7.3 | v4.10 | 2026-02-08
CVE-2026-2151 [HIGH] CWE-77: A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects p
nvd
CVE-2026-2152 | HIGH | CVSS 7.3 | v4.10 | 2026-02-08
CVE-2026-2152 [HIGH] CWE-77: A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This v
nvd
CVE-2026-1506 | HIGH | CVSS 7.3 | v4.10 | 2026-01-28
CVE-2026-1506 [HIGH] CWE-77: A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /adv_mac_filter.php of the component MAC Filter Configuration. This manipulation of the argument mac causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. This vulnerabil
nvd
CVE-2026-1505 | HIGH | CVSS 7.3 | v4.10 | 2026-01-28
CVE-2026-1505 [HIGH] CWE-77: A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supp
nvd
CVE-2026-1448 | HIGH | CVSS 7.3 | ≤ 4.10 | 2026-01-27
CVE-2026-1448 [HIGH] CWE-77: A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulne
nvd
CVE-2013-10050 | HIGH | CVSS 8.7 | ≤ 4.13 | 2025-08-01
CVE-2013-10050 [HIGH] CWE-78: An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exp
nvd
CVE-2024-0717 | MEDIUM | CVSS 5.3 | ≤ 2024-01-12 | 2024-01-19
CVE-2024-0717 [MEDIUM] CWE-200: A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530,
nvd
CVE-2021-42627 | CRITICAL | CVSS 9.8 | PoC | v20.06 | 2022-08-23
CVE-2021-42627 [CRITICAL]: The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication, which can lead to disclosure of information about WAN settings and can also be leveraged by an attacker to modify the data fields of the page.
nvd
CVE-2021-40654 | MEDIUM | CVSS 6.5 | v17.00 | 2021-09-24
CVE-2021-40654 [MEDIUM] CWE-863: An information disclosure issue exists in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a POST request to the /getcfg.php page.
nvd
CVE-2021-37388 | CRITICAL | CVSS 9.8 | v3.03ww | 2021-08-06
CVE-2021-37388 [CRITICAL] CWE-120: A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution.
nvd
CVE-2019-17525 | HIGH | CVSS 8.8 | PoC | v20.10 | 2020-04-21
CVE-2019-17525 [HIGH] CWE-307: The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.
nvd
CVE-2019-19742 | MEDIUM | CVSS 4.8 | PoC | v20.07 | 2019-12-18
CVE-2019-19742 [MEDIUM] CWE-79: On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
nvd
CVE-2019-17353 | HIGH | CVSS 8.2 | v20.05 | v20.07 | 2019-10-09
CVE-2019-17353 [HIGH] CWE-306: An issue was discovered on D-Link DIR-615 devices with firmware versions 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.
nvd
CVE-2018-15875 | MEDIUM | CVSS 6.1 | v20.07 | 2018-08-25
CVE-2018-15875 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
nvd
CVE-2018-15874 | MEDIUM | CVSS 6.1 | v20.07 | 2018-08-25
CVE-2018-15874 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
nvd
CVE-2014-8361 | CRITICAL | CVSS 9.8 | KEV | PoC | v10.01b02 | ≤ 6.06b03 | 2015-05-01
CVE-2014-8361 [CRITICAL]: The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
nvd