CVE-2023-41603

D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
dlinkr15_firmware
𝑥
≤ 1.08.02
𝑥
= Vulnerable software versions
References
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347