Skip to main content

Dir 615 Firmware

19 CVEs product

Monthly

CVE-2026-2152 HIGH POC This Week

Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-615 4.10 routers through manipulated routing parameters in the web configuration interface, requiring only network access and no user interaction. Public exploit code is available for this vulnerability, and D-Link has not released a patch for the end-of-life device.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
1.9%
CVE-2026-2151 HIGH POC This Week

Remote code execution in D-Link DIR-615 firmware through os command injection via the dmz_ipaddr parameter in the DMZ Host Feature allows authenticated attackers to execute arbitrary commands with high privileges. Public exploit code exists for this vulnerability, which affects unsupported product versions with no available patch. The attack requires high-level authentication but can be launched over the network without user interaction.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-1506 HIGH POC This Week

Unauthenticated remote attackers can inject arbitrary OS commands through the MAC filter configuration parameter in D-Link DIR-615 firmware version 4.10 and potentially earlier versions. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from D-Link. Successful exploitation grants complete system compromise with high impact to confidentiality, integrity, and availability.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-1505 HIGH POC This Week

Command injection in D-Link DIR-615 firmware via the /set_temp_nodes.php URL Filter component allows unauthenticated remote attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, which affects legacy unsupported devices with a 7.2 CVSS score and no available patch.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2026-1448 HIGH POC This Week

Remote code execution in D-Link DIR-615 firmware through os command injection via the ipaddr parameter in the Web Management Interface allows unauthenticated remote attackers to execute arbitrary commands. The vulnerability affects unsupported firmware versions up to 4.10, and public exploit code is available. No patch has been released by the vendor.

D-Link PHP Command Injection Dir 615 Firmware
NVD VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2018-25115 CRITICAL POC Act Now

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 110 Firmware Dir 412 Firmware Dir 600 Firmware +4
NVD GitHub Exploit-DB
CVSS 4.0
10.0
EPSS
1.6%
CVE-2024-0717 MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 825Acg1 Firmware Dir 841 Firmware Dir 1260 Firmware +41
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
18.2%
CVE-2021-42627 CRITICAL POC THREAT Emergency

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.4%.

D-Link Information Disclosure Dir 615 Firmware Dir 615 J1 Firmware Dir 615 T1 Firmware +1
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
67.4%
Threat
5.5
CVE-2021-40654 MEDIUM POC This Month

An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Information Disclosure Authentication Bypass Dir 615 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-37388 CRITICAL POC Act Now

A buffer overflow in D-Link DIR-615 C2 3.03WW. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link RCE Dir 615 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-19742 MEDIUM POC THREAT This Month

On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 615 Firmware
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
19.8%
CVE-2019-17353 HIGH This Week

An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 615 Firmware
NVD GitHub
CVSS 3.1
8.2
EPSS
3.0%
CVE-2019-16920 CRITICAL POC KEV THREAT Act Now

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection Dir 655 Firmware Dir 866L Firmware +8
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2018-15839 CRITICAL POC THREAT Act Now

D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 615 Firmware
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
45.3%
CVE-2018-15875 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS D-Link Dir 615 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2018-15874 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS D-Link Dir 615 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2018-10431 HIGH POC This Week

D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Command Injection Dir 615 Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
2.7%
CVE-2017-9542 CRITICAL Act Now

D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 615 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2017-7398 HIGH POC This Week

D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dir 615 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.4%
EPSS 2% CVSS 7.2
HIGH POC This Week

Unauthenticated remote attackers can execute arbitrary OS commands on D-Link DIR-615 4.10 routers through manipulated routing parameters in the web configuration interface, requiring only network access and no user interaction. Public exploit code is available for this vulnerability, and D-Link has not released a patch for the end-of-life device.

D-Link PHP Command Injection +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-615 firmware through os command injection via the dmz_ipaddr parameter in the DMZ Host Feature allows authenticated attackers to execute arbitrary commands with high privileges. Public exploit code exists for this vulnerability, which affects unsupported product versions with no available patch. The attack requires high-level authentication but can be launched over the network without user interaction.

D-Link PHP Command Injection +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Unauthenticated remote attackers can inject arbitrary OS commands through the MAC filter configuration parameter in D-Link DIR-615 firmware version 4.10 and potentially earlier versions. Public exploit code exists for this vulnerability, and affected devices are no longer receiving security updates from D-Link. Successful exploitation grants complete system compromise with high impact to confidentiality, integrity, and availability.

D-Link PHP Command Injection +1
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

Command injection in D-Link DIR-615 firmware via the /set_temp_nodes.php URL Filter component allows unauthenticated remote attackers to execute arbitrary OS commands. Public exploit code exists for this vulnerability, which affects legacy unsupported devices with a 7.2 CVSS score and no available patch.

D-Link PHP Command Injection +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in D-Link DIR-615 firmware through os command injection via the ipaddr parameter in the Web Management Interface allows unauthenticated remote attackers to execute arbitrary commands. The vulnerability affects unsupported firmware versions up to 4.10, and public exploit code is available. No patch has been released by the vendor.

D-Link PHP Command Injection +1
NVD VulDB
EPSS 2% CVSS 10.0
CRITICAL POC Act Now

Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection D-Link Dir 110 Firmware +6
NVD GitHub Exploit-DB
EPSS 18% CVSS 5.3
MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dir 825Acg1 Firmware +43
NVD GitHub VulDB
EPSS 67% 5.5 CVSS 9.8
CRITICAL POC THREAT Emergency

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.4%.

D-Link Information Disclosure Dir 615 Firmware +3
NVD GitHub VulDB
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP Information Disclosure +2
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

A buffer overflow in D-Link DIR-615 C2 3.03WW. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link RCE +1
NVD GitHub
EPSS 20% CVSS 4.8
MEDIUM POC THREAT This Month

On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 615 Firmware
NVD Exploit-DB
EPSS 3% CVSS 8.2
HIGH This Week

An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 615 Firmware
NVD GitHub
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link RCE Command Injection +10
NVD
EPSS 45% CVSS 9.8
CRITICAL POC THREAT Act Now

D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 615 Firmware
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS D-Link Dir 615 Firmware
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS D-Link Dir 615 Firmware
NVD GitHub
EPSS 3% CVSS 7.2
HIGH POC This Week

D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Command Injection +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 615 Firmware
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF D-Link Dir 615 Firmware
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy