CVE-2021-42627

CRITICAL NUCLEI

D-Link DIR-615 <20.06 - Info Disclosure

Title source: llm

Description

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.

Nuclei Templates (1)

D-Link DIR-615 - Unauthorized Access

CRITICALVERIFIEDby For3stCo1d

Shodan: http.title:"Roteador Wireless" || cpe:"cpe:2.3:h:dlink:dir-615"

References (4)

[Broken Link] http://d-link.com

[Product] http://dlink.com

[Vendor Advisory] https://www.dlink.com/en/security-bulletin/

[Third Party Advisory] https://github.com/sanjokkarki/D-Link-DIR-615/blob/main/CVE-2021-42627

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.7425

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (4)

dlink/dir-615_firmware 20.06

dlink/dir-615_j1_firmware 20.06

dlink/dir-615jx10_firmware 20.06

dlink/dir-615_t1_firmware 20.06

Published Aug 23, 2022

Tracked Since Feb 18, 2026