CVE-2017-11436

CRITICAL

D-Link DIR-615 < 20.12PTb04 - Use of Hard-coded Credentials via TELNET Backdoor

Title source: llm

Description

D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection.

References (2)

Core 2

Core References

Release Notes, Vendor Advisory x_refsource_misc

ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_RELEASE_NOTES_20.12PTB04.pdf

Third Party Advisory x_refsource_misc

http://www.rootlabs.com.br/backdoor-dlink-dir-615/

Scores

CVSS v3 9.8

EPSS 0.0109

EPSS Percentile 78.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (1)

dlink/dir-615 < 20.12ptb01

Published Jul 19, 2017

Tracked Since Feb 18, 2026