CVE-2009-4821

EUVD-2009-4784
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
dlinkdir-615
3.10na:na
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/37777
http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/
http://www.securityfocus.com/bid/37415
http://secunia.com/advisories/37777
http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/
http://www.securityfocus.com/bid/37415