CVE-2017-7398
Last modified
CVE-2017-7398 is a vulnerability of currently unknown severity. D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password.. EPSS estimates a 3.01% chance of exploitation in the next 30 days.
Description
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| D-Link | Dir-615 Firmware | 20.09 |
References
- http://seclists.org/fulldisclosure/2017/Apr/4Third Party Advisory, VDB Entry
- http://seclists.org/fulldisclosure/2017/Apr/4Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-7398?
How severe is CVE-2017-7398?
How do I fix CVE-2017-7398?
Are you affected by CVE-2017-7398?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST