Auth bypass in D-Link DIR-615
CVE-2009-4821
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for…
Vulnerability class: Broken Authentication
EPSS: 0.002 (41.1th percentile)
Affected products
- Dlink Dir-615 — versions 3.10na
Weakness classification (CWE)
References
- 37415 (vdb-entry, x_refsource_BID)
- 37777 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cve@mitre.org (Exploit, x_refsource_MISC)