What is the severity of CVE-2017-7405?

CVE-2017-7405 is considered a high severity vulnerability due to the potential for unauthorized access to the D-Link DIR-615 router's administrative interface.

How do I fix CVE-2017-7405?

To fix CVE-2017-7405, update the D-Link DIR-615 firmware to version 20.12PTb04 or later.

What systems are affected by CVE-2017-7405?

CVE-2017-7405 affects the D-Link DIR-615 models running firmware versions prior to 20.12PTb04.

Can CVE-2017-7405 be exploited remotely?

Yes, CVE-2017-7405 can be exploited remotely if the attacker can spoof the IP address of an authenticated user.

What impact does CVE-2017-7405 have on the D-Link DIR-615?

The impact of CVE-2017-7405 allows an attacker to take over an administrative session without needing authentication, compromising the device's security.

Vulnerability/
CVE-2017-7405

critical

9.8

CWE

287

7/7/2017

23/4/2021

CVE-2017-7405

First published: Fri Jul 07 2017(Updated: )

On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
D-Link DIR-615	<=20.12ptb01
D-Link DIR-615

Remedy

ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip

Never miss a vulnerability like this again

Reference Links

https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf

Frequently Asked Questions

What is the severity of CVE-2017-7405?
CVE-2017-7405 is considered a high severity vulnerability due to the potential for unauthorized access to the D-Link DIR-615 router's administrative interface.
How do I fix CVE-2017-7405?
To fix CVE-2017-7405, update the D-Link DIR-615 firmware to version 20.12PTb04 or later.
What systems are affected by CVE-2017-7405?
CVE-2017-7405 affects the D-Link DIR-615 models running firmware versions prior to 20.12PTb04.
Can CVE-2017-7405 be exploited remotely?
Yes, CVE-2017-7405 can be exploited remotely if the attacker can spoof the IP address of an authenticated user.
What impact does CVE-2017-7405 have on the D-Link DIR-615?
The impact of CVE-2017-7405 allows an attacker to take over an administrative session without needing authentication, compromising the device's security.

agent/type
agent/event
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/description
agent/severity
agent/weakness
agent/references
agent/remedy
agent/author
vendor/dlink
canonical/d-link dir-615
version/d-link dir-615/20.12ptb01

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.