This page lists publicly disclosed CVE vulnerabilities affecting dlink r15_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-60854 | A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd. | [email protected] | 9.8 | 1.01% | 2025-12-02 | 2025-12-06 |
| CVE-2023-41603 | D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6. | [email protected] | 5.3 | 0.49% | 2024-01-10 | 2025-06-17 |