CVE-2021-42627

CRITICAL NUCLEI

D-Link DIR-615 <20.06 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2021-42627 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.

Nuclei Templates (1)

D-Link DIR-615 - Unauthorized Access

CRITICALVERIFIEDby For3stCo1d

Shodan: http.title:"Roteador Wireless" || cpe:"cpe:2.3:h:dlink:dir-615"

References (4)

Core 4

Core References

Broken Link x_refsource_misc

http://d-link.com

Product x_refsource_misc

http://dlink.com

Vendor Advisory x_refsource_misc

https://www.dlink.com/en/security-bulletin/

Third Party Advisory x_refsource_misc

https://github.com/sanjokkarki/D-Link-DIR-615/blob/main/CVE-2021-42627

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.6744

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (4)

dlink/dir-615_firmware 20.06

dlink/dir-615_j1_firmware 20.06

dlink/dir-615_t1_firmware 20.06

dlink/dir-615jx10_firmware 20.06

Published Aug 23, 2022

Tracked Since Feb 18, 2026