Dir 615 Firmware
Monthly
Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-615 4.10 routers through manipulated routing parameters in the web configuration interface, requiring only network access and no user interaction. Public exploit code is available for this vulnerability, and D-Link has not released a patch for the end-of-life device.
Remote code execution in D-Link DIR-615 firmware through os command injection via the dmz_ipaddr parameter in the DMZ Host Feature allows authenticated attackers to execute arbitrary commands with high privileges. Public exploit code exists for this vulnerability, which affects unsupported product versions with no available patch. The attack requires high-level authentication but can be launched over the network without user interaction.
Unauthenticated remote attackers can inject arbitrary OS commands through the MAC filter configuration parameter in D-Link DIR-615 firmware version 4.10 and potentially earlier versions. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from D-Link. Successful exploitation grants complete system compromise with high impact to confidentiality, integrity, and availability.
Command injection in D-Link DIR-615 firmware via the /set_temp_nodes.php URL Filter component allows unauthenticated remote attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, which affects legacy unsupported devices with a 7.2 CVSS score and no available patch.
Remote code execution in D-Link DIR-615 firmware through os command injection via the ipaddr parameter in the Web Management Interface allows unauthenticated remote attackers to execute arbitrary commands. The vulnerability affects unsupported firmware versions up to 4.10, and public exploit code is available. No patch has been released by the vendor.
Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-615 4.10 routers through manipulated routing parameters in the web configuration interface, requiring only network access and no user interaction. Public exploit code is available for this vulnerability, and D-Link has not released a patch for the end-of-life device.
Remote code execution in D-Link DIR-615 firmware through os command injection via the dmz_ipaddr parameter in the DMZ Host Feature allows authenticated attackers to execute arbitrary commands with high privileges. Public exploit code exists for this vulnerability, which affects unsupported product versions with no available patch. The attack requires high-level authentication but can be launched over the network without user interaction.
Unauthenticated remote attackers can inject arbitrary OS commands through the MAC filter configuration parameter in D-Link DIR-615 firmware version 4.10 and potentially earlier versions. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from D-Link. Successful exploitation grants complete system compromise with high impact to confidentiality, integrity, and availability.
Command injection in D-Link DIR-615 firmware via the /set_temp_nodes.php URL Filter component allows unauthenticated remote attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, which affects legacy unsupported devices with a 7.2 CVSS score and no available patch.
Remote code execution in D-Link DIR-615 firmware through os command injection via the ipaddr parameter in the Web Management Interface allows unauthenticated remote attackers to execute arbitrary commands. The vulnerability affects unsupported firmware versions up to 4.10, and public exploit code is available. No patch has been released by the vendor.