What is CVE-2015-7280?

CVE-2015-7280 is a publicly disclosed cybersecurity vulnerability with a HIGH severity rating and CVSS score of 10.

How to search for CVE vulnerabilities?

You can search the 4nuxd CVE database using CVE IDs, vendor names, product names, or severity levels.

CVE-2015-7280

HIGH10.0/ 10.0

Published: December 31, 2015 at 05:59 AM

Modified: April 12, 2025 at 10:46 AM

Source: cret@cert.org

Vulnerability Description

The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.

CVSS Metrics

Base Score

10.0

Severity

HIGH

Vector String

AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses (CWE)

CWE-255

Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

ReadyNet WRT300N-DD routers running firmware 1.0.26 are vulnerable to remote compromise due to a default administrative password. An attacker can gain complete control of the device, potentially leading to network breaches, data theft, and device manipulation by simply logging in with the default credentials.

02 // Vulnerability Mechanism

Step 1: Network Discovery: The attacker identifies a ReadyNet WRT300N-DD router on the local network, likely by scanning the network for common IP ranges and open ports (e.g., port 80 for the web interface).

Step 2: Web Interface Access: The attacker navigates to the router's web administration interface using the router's IP address in a web browser (e.g., http://192.168.1.1).

Step 3: Authentication Attempt: The attacker attempts to log in using the default credentials: username 'admin' and password 'admin'.

Step 4: Successful Login: Because the default password has not been changed, the authentication succeeds, granting the attacker administrative privileges.

Step 5: System Compromise: The attacker can now access and modify the router's settings, including changing the DNS servers, redirecting traffic, installing malicious firmware, or gaining access to connected devices on the network.

03 // Deep Technical Analysis

The vulnerability stems from the manufacturer's failure to change the default administrative password ('admin') during the device's configuration. This oversight allows any user on the local network to bypass authentication and gain full administrative access to the router's web interface. The root cause is a lack of secure configuration practices and a failure to enforce password changes upon initial setup. The web interface likely uses basic HTTP authentication, making it trivial to exploit.