{"api_version":"1","generated_at":"2026-04-23T17:12:19+00:00","cve":"CVE-2017-9542","urls":{"html":"https://cve.report/CVE-2017-9542","api":"https://cve.report/api/cve/CVE-2017-9542.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-9542","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-9542"},"summary":{"title":"CVE-2017-9542","description":"D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-06-11 23:29:00","updated_at":"2023-04-26 18:55:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"https://www.facebook.com/tigerBOY777/videos/1368513696568992/","name":"https://www.facebook.com/tigerBOY777/videos/1368513696568992/","refsource":"MISC","tags":["Permissions Required"],"title":"Sachin Wagh - #I_am_Back  #After_Long_Days...","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://twitter.com/tiger_tigerboy/status/873458088321220609","name":"https://twitter.com/tiger_tigerboy/status/873458088321220609","refsource":"MISC","tags":["Third Party Advisory"],"title":"Sachin Wagh na Twitterze: \"D-Link DIR-615 Wireless N 300 Router Authentication Bypass Vulnerability\n\nhttps://t.co/k6Q8eu4RKv\"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/98992","name":"98992","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"D-Link DIR-615 Wireless N 300 Router CVE-2017-9542 Authentication Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-9542","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9542","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"9542","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"d-link","cpe5":"dir-615","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"9542","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"d-link","cpe5":"dir-615","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"9542","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"d-link","cpe5":"dir-615_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"9542","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"d-link","cpe5":"dir-615_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"9542","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dlink","cpe5":"dir-615","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-9542","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://twitter.com/tiger_tigerboy/status/873458088321220609","refsource":"MISC","url":"https://twitter.com/tiger_tigerboy/status/873458088321220609"},{"name":"https://www.facebook.com/tigerBOY777/videos/1368513696568992/","refsource":"MISC","url":"https://www.facebook.com/tigerBOY777/videos/1368513696568992/"},{"name":"98992","refsource":"BID","url":"http://www.securityfocus.com/bid/98992"}]}},"nvd":{"publishedDate":"2017-06-11 23:29:00","lastModifiedDate":"2023-04-26 18:55:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:d-link:dir-615_firmware:*:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:dlink:dir-615:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"9542","Ordinal":"106559","Title":"CVE-2017-9542","CVE":"CVE-2017-9542","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"9542","Ordinal":"1","NoteData":"D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"9542","Ordinal":"2","NoteData":"2017-06-11","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"9542","Ordinal":"3","NoteData":"2017-06-13","Type":"Other","Title":"Modified"}]}}}