Description
The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue."
References (2)
Core 2
Core References
Technical Description, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/110755
Vendor Advisory x_refsource_confirm
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-815/REVB/DIR-815_REVB_FIRMWARE_PATCH_NOTES_2.03.B02_EN.PDF
Scores
CVSS v3
9.8
EPSS
0.0808
EPSS Percentile
92.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (1)
dlink/dir-815_firmware
2.03.b02
Published
Apr 12, 2018
Tracked Since
Feb 18, 2026