CVE-2023-41603

D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:r15:-:*:*:*:*:*:*:*

History

17 Jun 2025, 16:15

Type Values Removed Values Added
CWE CWE-284

21 Nov 2024, 08:21

Type Values Removed Values Added
References () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347 - Patch, Vendor Advisory () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347 - Patch, Vendor Advisory

12 Jan 2024, 19:13

Type Values Removed Values Added
First Time Dlink r15
Dlink
Dlink r15 Firmware
References () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347 - () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347 - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CWE NVD-CWE-noinfo
CPE cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:r15:-:*:*:*:*:*:*:*

10 Jan 2024, 13:56

Type Values Removed Values Added
Summary
  • (es) Se descubrió que D-Link R15 anterior a v1.08.02 no contenía restricciones de firewall para el tráfico IPv6. Esto permite a los atacantes acceder arbitrariamente a cualquier servicio que se ejecute en el dispositivo y que pueda estar escuchando inadvertidamente a través de IPv6.

10 Jan 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-10 08:15

Updated : 2025-06-17 16:15


NVD link : CVE-2023-41603

Mitre link : CVE-2023-41603

CVE.ORG link : CVE-2023-41603


JSON object : View

Products Affected

dlink

  • r15
  • r15_firmware
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control