CVE-2017-15909
CRITICALD-Link DGS-1500 Ax < 2.51B021 - Use of Hard-coded Credentials
Title source: llmDescription
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
ftp://ftp2.dlink.com/PRODUCTS/DGS-1500-52/REVA/DGS-1500_REVA_FIRMWARE_PATCH_NOTES_2.51.021_EN.pdf
Vendor Advisory x_refsource_confirm
ftp://ftp2.dlink.com/PRODUCTS/DGS-1500-28P/REVA/DGS-1500_REVA_FIRMWARE_PATCH_NOTES_2.51.021_EN.pdf
Vendor Advisory x_refsource_confirm
ftp://ftp2.dlink.com/PRODUCTS/DGS-1500-28/REVA/DGS-1500_REVA_FIRMWARE_PATCH_NOTES_2.51.021_EN.pdf
Vendor Advisory x_refsource_confirm
ftp://ftp2.dlink.com/PRODUCTS/DGS-1500-20/REVA/DGS-1500_REVA_FIRMWARE_PATCH_NOTES_2.51.021_EN.pdf
Scores
CVSS v3
9.8
EPSS
0.0070
EPSS Percentile
72.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (3)
dlink/dgs-1500_firmware
2.10.002
dlink/dgs-1500_firmware
2.50.008
dlink/dgs-1500_firmware
2.51.005
Published
Oct 26, 2017
Tracked Since
Feb 18, 2026