Details of VAR-201707-1079

ID

VAR-201707-1079

CVE

CVE-2017-7406

TITLE

D-Link DIR-615 Cryptographic vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-005609

DESCRIPTION

The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic. D-Link DIR-615 The device contains cryptographic vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-615 is a small wireless router product of D-Link. There is a security vulnerability in D-Link DIR-615 versions prior to 20.12PTb04

Trust: 1.71

sources: NVD: CVE-2017-7406 // JVNDB: JVNDB-2017-005609 // VULHUB: VHN-115609

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-615	scope:	lte	version:	20.12ptb01	Trust: 1.0
vendor:	d link	model:	dir-615	scope:	lt	version:	20.12ptb04	Trust: 0.8
vendor:	dlink	model:	dir-615	scope:	eq	version:	20.12ptb01	Trust: 0.6

sources: JVNDB: JVNDB-2017-005609 // CNNVD: CNNVD-201704-027 // NVD: CVE-2017-7406

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7406
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-7406
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201704-027
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-115609
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-7406
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-115609
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7406
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2017-7406
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-115609 // JVNDB: JVNDB-2017-005609 // CNNVD: CNNVD-201704-027 // NVD: CVE-2017-7406

PROBLEMTYPE DATA

problemtype:	CWE-295	Trust: 1.1
problemtype:	CWE-311	Trust: 1.1
problemtype:	CWE-310	Trust: 0.9

sources: VULHUB: VHN-115609 // JVNDB: JVNDB-2017-005609 // NVD: CVE-2017-7406

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-027

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201704-027

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005609

PATCH

title:	DIR-615 Firmware Release Notes	url:	ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip	Trust: 0.8
title:	D-Link DIR-615 Fixes for encryption problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100387	Trust: 0.6

sources: JVNDB: JVNDB-2017-005609 // CNNVD: CNNVD-201704-027

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7406	Trust: 2.5
db:	JVNDB	id:	JVNDB-2017-005609	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-027	Trust: 0.6
db:	VULHUB	id:	VHN-115609	Trust: 0.1

sources: VULHUB: VHN-115609 // JVNDB: JVNDB-2017-005609 // CNNVD: CNNVD-201704-027 // NVD: CVE-2017-7406

REFERENCES

url:	https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf	Trust: 1.7
url:	ftp://ftp2.dlink.com/security_advisements/dir-615/revt/dir-615_revt_firmware_patch_v20.12ptb04.zip	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7406	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7406	Trust: 0.8

sources: VULHUB: VHN-115609 // JVNDB: JVNDB-2017-005609 // CNNVD: CNNVD-201704-027 // NVD: CVE-2017-7406

SOURCES

db:	VULHUB	id:	VHN-115609
db:	JVNDB	id:	JVNDB-2017-005609
db:	CNNVD	id:	CNNVD-201704-027
db:	NVD	id:	CVE-2017-7406

LAST UPDATE DATE

2024-11-23T23:02:23.007000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-115609	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-005609	date:	2017-08-02T00:00:00
db:	CNNVD	id:	CNNVD-201704-027	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-7406	date:	2024-11-21T03:31:49.913

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-115609	date:	2017-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-005609	date:	2017-08-02T00:00:00
db:	CNNVD	id:	CNNVD-201704-027	date:	2017-04-05T00:00:00
db:	NVD	id:	CVE-2017-7406	date:	2017-07-07T12:29:00.323