CVE-2017-7405

On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip	Patch Vendor Advisory
https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dir-615:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-615:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-07-07 12:29

Updated : 2023-12-10 12:15

NVD link : CVE-2017-7405

Mitre link : CVE-2017-7405

CVE.ORG link : CVE-2017-7405

JSON object : View

Products Affected

dlink

dir-615

CWE

CWE-287

Improper Authentication

{"id": "CVE-2017-7405", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-07-07T12:29:00.293", "references": [{"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-615/REVT/DIR-615_REVT_FIRMWARE_PATCH_v20.12PTb04.zip", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials."}, {"lang": "es", "value": "En D-Link DIR-615 en versiones anteriores a la v20.12PTb04, una vez autenticado, el dispositivo identifica al usuario bas\u00e1ndose en la direcci\u00f3n IP de su m\u00e1quina. Al suplantar la direcci\u00f3n IP perteneciente al host de la v\u00edctima, un atacante podr\u00eda ser capaz de asumir el control de la sesi\u00f3n administrativa sin que se le pidan credenciales de autenticaci\u00f3n. Un atacante puede conseguir las direcciones IP de la v\u00edctima y del router suplantando el tr\u00e1fico de red. Adem\u00e1s, si al v\u00edctima tiene el acceso web habilitado en su router y est\u00e1 accediendo a la interfaz web desde una red distinta que est\u00e1 detr\u00e1s del NAT/Proxy, un atacante puede suplantar el tr\u00e1fico de red para conocer la direcci\u00f3n IP p\u00fablica del router de la v\u00edctima y tomar el control de su sesi\u00f3n, ya que no se le pedir\u00e1n credenciales."}], "lastModified": "2021-04-23T14:54:52.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-615:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1744224-B87C-4342-AC97-21668EB17709", "versionEndIncluding": "20.12ptb01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-615:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "05E1CAC5-130B-4B49-85B9-DEEA5ED57B61"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}