CVE-2017-7404

Published: Jul 7, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim's Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.qualys.com/2017/03/12/qsa-2017-03-12/qsa-2017-03-12.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-7404

Description

Affected Products

References