Dlink Dir-615
8 CVEs affecting Dlink Dir-615. Latest disclosed: 2025-08-01. Critical: 4, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-11436 | Critical | 9.8 | 2017-07-19 | D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connec… |
CVE-2017-7406 | Critical | 9.8 | 2017-07-07 | The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certif… |
CVE-2017-7405 | Critical | 9.8 | 2017-07-07 | On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP addres… |
CVE-2017-9542 | Critical | 9.8 | 2017-06-11 | D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the… |
CVE-2013-10050 | High | 8.8 | 2025-08-01 | An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_… |
CVE-2017-7404 | High | 8.8 | 2017-07-07 | On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious s… |
CVE-2017-7398 | High | 8.8 | 2017-04-04 | D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wi… |
CVE-2009-4821 | | 2010-04-27 | The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin pas… |