CVE-2015-7245

HIGH NUCLEI

D-Link DVG-N5402SP Firmware W1000CN-00, W1000CN-03, W2000EN-00 - Path Traversal via Errorpage Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7245. PoCs published by Karn Ganeshen. A Nuclei detection template is also available.

AI-analyzed exploit summary The document describes multiple vulnerabilities in DLink DVG-N5402SP devices, including path traversal (CVE-2015-7245), default credentials (CVE-2015-7246), and sensitive information leakage (CVE-2015-7247). It provides HTTP request/response examples for path traversal but does not include executable exploit code.

Description

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.

Exploits (1)

exploitdb WRITEUP
by Karn Ganeshen · textwebappshardware
https://www.exploit-db.com/exploits/39409

The document describes multiple vulnerabilities in DLink DVG-N5402SP devices, including path traversal (CVE-2015-7245), default credentials (CVE-2015-7246), and sensitive information leakage (CVE-2015-7247). It provides HTTP request/response examples for path traversal but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: DLink DVG-N5402SP (Firmware W1000CN-00, W1000CN-03, W2000EN-00)
No auth needed
Prerequisites: Network access to the device · Telnet service enabled (for CVE-2015-7246)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

D-Link DVG-N5402SP - Local File Inclusion
HIGHby 0x_Akoko

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Feb/24
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39409/

Scores

CVSS v3 7.5
EPSS 0.8937
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (3)
d-link/dvg-n5402sp_firmware w1000cn-00
d-link/dvg-n5402sp_firmware w1000cn-03
d-link/dvg-n5402sp_firmware w2000en-00
Published Apr 24, 2017
Tracked Since Feb 18, 2026