CVE-2021-42627

high-risk

Published 2022-08-23

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.

Do I need to act?

74.3% chance of exploitation in next 30 days

EPSS score — higher than 26% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (4)

Dir-615 Firmware

Dir-615 J1 Firmware

Dir-615 T1 Firmware

Dir-615Jx10 Firmware

Affected Vendors

Dlink

References (8)

Broken Link http://d-link.com

Product http://dlink.com

Third Party Advisory https://github.com/sanjokkarki/D-Link-DIR-615/blob/main/CVE-2021-42627

Vendor Advisory https://www.dlink.com/en/security-bulletin/

Broken Link http://d-link.com

Product http://dlink.com

Third Party Advisory https://github.com/sanjokkarki/D-Link-DIR-615/blob/main/CVE-2021-42627

Vendor Advisory https://www.dlink.com/en/security-bulletin/

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 19/34 · Moderate

Exposure 10/34 · Low