CVE-2015-7246
D-Link DVGN5402SP - Multiple Vulnerabilities
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
DLink DVGN5402SP con firmware W1000CN00, W1000CN03 o W2000EN00 tiene una contraseña predeterminada de root para la cuenta root y tw para la cuenta tw, lo que hace más fácil a atacantes remotos obtener acceso administrativo.
D-Link DVG-N5402SP suffers from path traversal, weak credential management, and information leakage vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-09-18 CVE Reserved
- 2016-02-03 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/39409 | 2024-08-06 | |
| http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html | 2024-08-06 | |
| http://seclists.org/fulldisclosure/2016/Feb/24 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| D-link Search vendor "D-link" | Dvg-n5402sp Firmware Search vendor "D-link" for product "Dvg-n5402sp Firmware" | w1000cn-00 Search vendor "D-link" for product "Dvg-n5402sp Firmware" and version "w1000cn-00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dvg-n5402sp Search vendor "Dlink" for product "Dvg-n5402sp" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dvg-n5402sp Firmware Search vendor "D-link" for product "Dvg-n5402sp Firmware" | w1000cn-03 Search vendor "D-link" for product "Dvg-n5402sp Firmware" and version "w1000cn-03" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dvg-n5402sp Search vendor "Dlink" for product "Dvg-n5402sp" | - | - |
Safe
|
| D-link Search vendor "D-link" | Dvg-n5402sp Firmware Search vendor "D-link" for product "Dvg-n5402sp Firmware" | w2000en-00 Search vendor "D-link" for product "Dvg-n5402sp Firmware" and version "w2000en-00" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dvg-n5402sp Search vendor "Dlink" for product "Dvg-n5402sp" | - | - |
Safe
|