CVE-2019-17525

HIGH

D-Link DIR-615 T1 20.10 - Unauthenticated CAPTCHA Bypass via Login Page

Title source: llm
Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-17525. PoCs published by huzaifa hussain, huzaifahussain98.

AI-analyzed exploit summary: This is a writeup describing a CAPTCHA bypass vulnerability in D-Link DIR-615 T1 20.10. It outlines steps to brute-force credentials by reusing the same CAPTCHA, leveraging Burp Suite for interception and automation.

Description

The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.

Exploits (2)

exploitdb WRITEUP
by huzaifa hussain · text · webapps · hardware
https://www.exploit-db.com/exploits/48551

This is a writeup describing a CAPTCHA bypass vulnerability in D-Link DIR-615 T1 20.10. It outlines steps to brute-force credentials by reusing the same CAPTCHA, leveraging Burp Suite for interception and automation.

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: D-Link DIR-615 T1 firmware version 20.10
No auth needed
Prerequisites: Access to the router's login page · Burp Suite or similar interception tool
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
nomisec WRITEUP 1 stars
by huzaifahussain98 · poc
https://github.com/huzaifahussain98/CVE-2019-17525

This repository provides a detailed technical writeup on CVE-2019-17525, a CAPTCHA bypass vulnerability in D-Link DIR-615 routers. It describes the attack scenario, including steps to exploit the vulnerability via brute-forcing credentials on the login page.

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: D-Link DIR-615 with Firmware Version 20.10 and Hardware Version T1
No auth needed
Prerequisites: Public IP of the target network · Access to the router login page · Burp Suite for intercepting and modifying requests
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 8.8
EPSS: 0.0584
EPSS Percentile: 92.2%
Attack Vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-307
Status: published
Products (1): dlink/dir-615_firmware 20.10
Published: Apr 21, 2020
Tracked Since: Feb 18, 2026