Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2017-7406

Improper Certificate Validation

Published: Jul 07, 2017 | Modified: Apr 23, 2021
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2017-7406
CWEhttps://cwe.mitre.org/data/definitions/295.html

The D-Link DIR-615 device before v20.12PTb04 doesnt use SSL for any of the authenticated pages. Also, it doesnt allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a users credentials and/or credentials of users being added while sniffing the traffic.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Dir-615 Dlink * 20.12ptb01 (including)

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use