ID

VAR-201707-1078


CVE

CVE-2017-7405


TITLE

D-Link DIR-615 Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-005608

DESCRIPTION

On the D-Link DIR-615 before v20.12PTb04, once a user has authenticated, the device identifies that user solely by the IP address of their machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on the router and is accessing the web interface from a different network that is behind a NAT/proxy, an attacker can sniff the network traffic to learn the public IP address of the victim's router and take over the session, because the attacker won't be prompted for credentials.

D-Link DIR-615 contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

D-Link DIR-615 is a small wireless router product of D-Link. D-Link DIR-615 has an authorization issue vulnerability. A security vulnerability exists in versions prior to D-Link DIR-615 20.12PTb04.

Trust: 2.25

sources: NVD: CVE-2017-7405 // JVNDB: JVNDB-2017-005608 // CNVD: CNVD-2019-46983 // VULHUB: VHN-115608

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-46983

AFFECTED PRODUCTS

vendor: dlink, model: dir-615, scope: lte, version: 20.12ptb01

Trust: 1.0

vendor: d link, model: dir-615, scope: lt, version: 20.12ptb04

Trust: 0.8

vendor: d link, model: dir-615 <20.12ptb04, scope: -, version: -

Trust: 0.6

vendor: dlink, model: dir-615, scope: eq, version: 20.12ptb01

Trust: 0.6

sources: CNVD: CNVD-2019-46983 // JVNDB: JVNDB-2017-005608 // CNNVD: CNNVD-201704-028 // NVD: CVE-2017-7405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7405
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-7405
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-46983
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-028
value: CRITICAL

Trust: 0.6

VULHUB: VHN-115608
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-7405
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-46983
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-115608
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7405
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-7405
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-46983 // VULHUB: VHN-115608 // JVNDB: JVNDB-2017-005608 // CNNVD: CNNVD-201704-028 // NVD: CVE-2017-7405

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-115608 // JVNDB: JVNDB-2017-005608 // NVD: CVE-2017-7405

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-028

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201704-028

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005608

PATCH

title: DIR-615 Firmware Release Notes, url: ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip

Trust: 0.8

title: Patch for D-Link DIR-615 authorization issue vulnerability (CNVD-2019-46983), url: https://www.cnvd.org.cn/patchInfo/show/195293

Trust: 0.6

title: D-Link DIR-615 Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148413

Trust: 0.6

sources: CNVD: CNVD-2019-46983 // JVNDB: JVNDB-2017-005608 // CNNVD: CNNVD-201704-028

EXTERNAL IDS

db: NVD, id: CVE-2017-7405

Trust: 3.1

db: JVNDB, id: JVNDB-2017-005608

Trust: 0.8

db: CNNVD, id: CNNVD-201704-028

Trust: 0.7

db: CNVD, id: CNVD-2019-46983

Trust: 0.6

db: SEEBUG, id: SSVID-98111

Trust: 0.1

db: VULHUB, id: VHN-115608

Trust: 0.1

sources: CNVD: CNVD-2019-46983 // VULHUB: VHN-115608 // JVNDB: JVNDB-2017-005608 // CNNVD: CNNVD-201704-028 // NVD: CVE-2017-7405

REFERENCES

url:https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf

Trust: 2.3

url:ftp://ftp2.dlink.com/security_advisements/dir-615/revt/dir-615_revt_firmware_patch_v20.12ptb04.zip

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7405

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7405

Trust: 0.8

sources: CNVD: CNVD-2019-46983 // VULHUB: VHN-115608 // JVNDB: JVNDB-2017-005608 // CNNVD: CNNVD-201704-028 // NVD: CVE-2017-7405

SOURCES

db: CNVD, id: CNVD-2019-46983
db: VULHUB, id: VHN-115608
db: JVNDB, id: JVNDB-2017-005608
db: CNNVD, id: CNNVD-201704-028
db: NVD, id: CVE-2017-7405

LAST UPDATE DATE

2024-11-23T22:34:35.697000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-46983, date: 2020-04-11T00:00:00
db: VULHUB, id: VHN-115608, date: 2017-07-14T00:00:00
db: JVNDB, id: JVNDB-2017-005608, date: 2017-08-02T00:00:00
db: CNNVD, id: CNNVD-201704-028, date: 2021-04-25T00:00:00
db: NVD, id: CVE-2017-7405, date: 2024-11-21T03:31:49.757

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-46983, date: 2019-12-25T00:00:00
db: VULHUB, id: VHN-115608, date: 2017-07-07T00:00:00
db: JVNDB, id: JVNDB-2017-005608, date: 2017-08-02T00:00:00
db: CNNVD, id: CNNVD-201704-028, date: 2017-04-05T00:00:00
db: NVD, id: CVE-2017-7405, date: 2017-07-07T12:29:00.293