Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
D-Link DIR-615 授权问题漏洞
Vulnerability Description
D-Link DIR-615是中国台湾友讯(D-Link)公司的一款无线路由器。 D-Link DIR-615 20.12PTb04之前的版本中存在授权问题漏洞。攻击者可通过嗅探网络流量利用该漏洞获取用户和路由器的IP地址,甚至获取public IP地址并接管用户会话。
CVSS Information
N/A
Vulnerability Type
N/A