Vulnerability Description
The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (2) disable the security requirement for the Wi-Fi network via unspecified vectors, or (3) modify DNS settings via unspecified vectors.
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| D-Link | DIR-615 | 3.10NA |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/37777 (Vendor Advisory)
- http://www.hiredhacker.com/2009/12/15/d-link-dir-615-remote-exploit/ (Exploit)
- http://www.securityfocus.com/bid/37415
FAQ
What is CVE-2009-4821?
CVE-2009-4821 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to (1) change the admin password via the admin_password parameter, (...
How severe is CVE-2009-4821?
CVE-2009-4821 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-4821?
Check the references section above for vendor advisories and patch information. Affected products include: D-Link DIR-615.