Skip to main content

Dir 615 Firmware CVE-2018-15874

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2018-08-25 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 25, 2018 - 19:29 nvd
MEDIUM 6.1

DescriptionNVD

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request.

AnalysisAI

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. Affected products include: Dlink Dir-615 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2021-42627 CRITICAL POC
9.8 Aug 23

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without auth

CVE-2018-25115 CRITICAL POC
10.0 Aug 27

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware

CVE-2021-37388 CRITICAL POC
9.8 Aug 06

A buffer overflow in D-Link DIR-615 C2 3.03WW. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploi

CVE-2019-16920 CRITICAL POC
9.8 Sep 27

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. Rated

CVE-2018-15839 CRITICAL POC
9.8 Aug 28

D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. Rated critical severity (CVSS 9.8),

CVE-2017-7398 HIGH POC
8.8 Apr 04

D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. Rated high severity (CV

CVE-2026-2152 HIGH POC
7.2 Feb 08

Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-615 4.10 routers through manipulated ro

CVE-2026-1505 HIGH POC
7.2 Jan 28

Command injection in D-Link DIR-615 firmware via the /set_temp_nodes.php URL Filter component allows unauthenticated rem

CVE-2026-1448 HIGH POC
7.2 Jan 27

Remote code execution in D-Link DIR-615 firmware through os command injection via the ipaddr parameter in the Web Manage

CVE-2026-2151 HIGH POC
7.2 Feb 08

Remote code execution in D-Link DIR-615 firmware through os command injection via the dmz_ipaddr parameter in the DMZ Ho

CVE-2026-1506 HIGH POC
7.2 Jan 28

Unauthenticated remote attackers can inject arbitrary OS commands through the MAC filter configuration parameter in D-Li

CVE-2018-10431 HIGH POC
7.2 Apr 26

D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Tra

Share

CVE-2018-15874 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy