cvedb.io
CVE-2017-7406
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-07-07T12:29:00.323 · Last modified 2026-06-17T01:24:17.193

Summary

The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic.

Affected products

dlink — dir-615

Does this affect you?

Add your gear to cvedb and we'll alert you only when dlink ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.