Description
D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6.
References (1)
Core 1
Core References
Patch, Vendor Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347
Scores
CVSS v3
5.3
EPSS
0.0023
EPSS Percentile
45.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (1)
dlink/r15_firmware
< 1.08.02
Published
Jan 10, 2024
Tracked Since
Feb 18, 2026