CVE-2015-7246

CRITICAL

D-Link DVG-N5402SP Firmware W1000CN-00, W1000CN-03, W2000EN-00 - Use of Hard-coded Credentials

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7246. PoCs published by Karn Ganeshen.

AI-analyzed exploit summary The document describes multiple vulnerabilities in DLink DVG-N5402SP devices, including path traversal (CVE-2015-7245), default credentials (CVE-2015-7246), and sensitive information leakage (CVE-2015-7247). It provides HTTP request/response examples for path traversal but does not include executable exploit code.

Description

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.

Exploits (1)

exploitdb WRITEUP
by Karn Ganeshen · textwebappshardware
https://www.exploit-db.com/exploits/39409

The document describes multiple vulnerabilities in DLink DVG-N5402SP devices, including path traversal (CVE-2015-7245), default credentials (CVE-2015-7246), and sensitive information leakage (CVE-2015-7247). It provides HTTP request/response examples for path traversal but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: DLink DVG-N5402SP (Firmware W1000CN-00, W1000CN-03, W2000EN-00)
No auth needed
Prerequisites: Network access to the device · Telnet service enabled (for CVE-2015-7246)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Feb/24
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39409/

Scores

CVSS v3 9.8
EPSS 0.3310
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (3)
d-link/dvg-n5402sp_firmware w1000cn-00
d-link/dvg-n5402sp_firmware w1000cn-03
d-link/dvg-n5402sp_firmware w2000en-00
Published Apr 24, 2017
Tracked Since Feb 18, 2026