CVE-2021-42627

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
dlinkdir-615_firmware
20.06
dlinkdir-615_j1_firmware
20.06
dlinkdir-615_t1_firmware
20.06
dlinkdir-615jx10_firmware
20.06
𝑥
= Vulnerable software versions
References
http://d-link.com
http://dlink.com
https://github.com/sanjokkarki/D-Link-DIR-615/blob/main/CVE-2021-42627
https://www.dlink.com/en/security-bulletin/
http://d-link.com
http://dlink.com
https://github.com/sanjokkarki/D-Link-DIR-615/blob/main/CVE-2021-42627
https://www.dlink.com/en/security-bulletin/