Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown

CVE-2019-19742

Disclosure Date: December 18, 2019 (last updated November 08, 2023)
On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-19743

Disclosure Date: December 16, 2019 (last updated November 27, 2024)
On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-17353

Disclosure Date: October 09, 2019 (last updated November 27, 2024)
An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-15874

Disclosure Date: August 25, 2018 (last updated November 27, 2024)
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-15875

Disclosure Date: August 25, 2018 (last updated November 27, 2024)
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-10110

Disclosure Date: April 18, 2018 (last updated November 26, 2024)
D-Link DIR-615 T1 devices allow XSS via the Add User feature.
0
0