CVE-2017-7406

Published: Jul 7, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic.

Affected (1)

Products: Dlink: Dir 615

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 615	Up to 20.12ptb01

Running on/with	Platform Versions
Dlink Dir 615	All versions

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (4)

ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip (unsafe URL)

Source: cve@mitre.org

PatchVendor Advisory

https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf

Source: cve@mitre.org

Third Party Advisory

ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.