CVE-2015-7247

CRITICAL

D-Link DVG-N5402SP Firmware W1000CN-00, W1000CN-03, W2000EN-00 - Sensitive Information Exposure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7247. PoCs published by Karn Ganeshen.

AI-analyzed exploit summary The document describes multiple vulnerabilities in DLink DVG-N5402SP devices, including path traversal (CVE-2015-7245), default credentials (CVE-2015-7246), and sensitive information leakage (CVE-2015-7247). It provides HTTP request/response examples for path traversal but does not include executable exploit code.

Description

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.

Exploits (1)

exploitdb WRITEUP
by Karn Ganeshen · textwebappshardware
https://www.exploit-db.com/exploits/39409

The document describes multiple vulnerabilities in DLink DVG-N5402SP devices, including path traversal (CVE-2015-7245), default credentials (CVE-2015-7246), and sensitive information leakage (CVE-2015-7247). It provides HTTP request/response examples for path traversal but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: DLink DVG-N5402SP (Firmware W1000CN-00, W1000CN-03, W2000EN-00)
No auth needed
Prerequisites: Network access to the device · Telnet service enabled (for CVE-2015-7246)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Feb/24
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39409/

Scores

CVSS v3 9.8
EPSS 0.3094
EPSS Percentile 96.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-200
Status published
Products (3)
d-link/dvg-n5402sp_firmware w1000cn-00
d-link/dvg-n5402sp_firmware w1000cn-03
d-link/dvg-n5402sp_firmware w2000en-00
Published Apr 24, 2017
Tracked Since Feb 18, 2026